©2012 Brian S. Batterton, Attorney, PATC Legal & Liability Risk Management Institute (www.llrmi.com)
On March 15, 2012, the Court of Appeals of Georgia decided Hatcher v. State [i] in which the court discussed whether a person other than the actual subscriber has a reasonable expectation of privacy in Internet Service Provider (ISP) subscriber information. The facts of Hatcher are as follows:
The evidence in this case shows that an investigator with the Cherokee County Sheriff’s Office learned that someone was using a computer in Cherokee County to share child pornography on the Internet. The investigator ascertained that the Internet Protocol (IP) address used by the child pornographer was assigned to a customer of Comcast Cable Communications, an internet service provider, and the investigator asked Comcast to provide certain information about the account of that customer [Note: The detective obtained a search warrant for the information and faxed a copy to Comcast in New Jersey.]. Comcast [complied], disclosing the name of the customer and her billing address, which was a residential address in Cherokee County.
The investigator obtained a warrant to search the residence at the billing address for certain evidence of child pornography, including any computers or electronic data storage devices that he might find there. When the investigator went to the home, he confirmed that it was occupied by a family that subscribed to Comcast internet service. The investigator learned that the family used a wireless router to access the Internet, and he also discovered that Hatcher lived in the basement of the home and used the same wireless router. The investigator interviewed Hatcher, and another officer examined his computer and found files that appeared to contain child pornography. A subsequent forensic examination of the computer revealed numerous files containing child pornography. [ii]
Hatcher was arrested and filed a motion to suppress arguing that the subscriber information obtained from Comcast was obtained in violation of Fourth Amendment and as such all evidence derived from that information should be suppressed. The trial court denied Hatcher’s motion and he appealed to the Court of Appeals of Georgia. Thus, the issue before the court was whether Hatcher had a reasonable expectation of privacy in the subscriber information related to the Comcast account.
The court of appeals examined various court precedents related to the issue. The court noted that, in Smith v. Maryland, the United States Supreme Court held that:
A person has no legitimate expectation of privacy in information he voluntarily turns over to third parties. [iii] [emphasis added]
In Smith, the Supreme Court held that a person had no reasonable expectation of privacy in telephone numbers dialed and voluntarily conveyed to the phone company. Additionally, in the United States v. Miller, the United States Supreme Court held that a person did not have a reasonable expectation of privacy in financial information that he or she conveyed to their financial institution which was exposed to financial institution employees in the normal course of business. [iv]
In regard to the principal from Smith and Miller above, the court of appeals stated:
Consistent with this principle, numerous federal courts have concluded that an internet service customer has no reasonable expectation of privacy in the subscriber information that he gives voluntarily to his internet service provider. [v] [emphasis added]
The court then listed cases from the Third, Fourth, Sixth, Tenth and Eleventh federal circuit courts of appeal that have reached the conclusion above. [vi] However, although the court stated that it doubted that a customer of an Internet Service Provider would have reasonable expectation of privacy in the subscriber information provided to the ISP in order to obtain internet service, the Georgia court did not make a definitive ruling on that question in this case.
Rather, the court noted that Hatcher was not the person who subscribed with Comcast for the account on which he accessed the internet. Rather, Hatcher lived in the basement of the actual subscriber for about two months and accessed the internet via the homeowner’s wireless router. The court stated that the record on appeal did not state what his relation was with actual subscriber and whether he was a renter or a guest. In light of this significant fact, the court then stated:
Even if a subscriber might have a reasonable expectation of privacy in her own account information, we do not understand how anyone else could have a reasonable expectation of privacy in it, especially in the absence of some special relationship between that person and the subscriber. [vii] [emphasis added]
As such, the court affirmed the denial of the motion to suppress and held that Hatcher failed to establish a reasonable expectation of privacy in the information obtained from Comcast.
Lastly, it is important to note that the court did not examine whether a person has a reasonable expectation of privacy in the content of electronic mail and other electronic communication that he or she transmits on the internet. Rather, the court cited Rehberg v. Paulk [viii] and noted that, in that case, the Eleventh Circuit stated that it is very difficult to determine whether a person has a reasonable expectation of privacy in the content of their electronic communications.
Summary of the Law
A person has no legitimate expectation of privacy in information he voluntarily turns over to third parties, such as phone numbers dialed into a phone or ISP subscriber information.
Some courts have held that a person does not have a reasonable expectation of privacy in the “To/From” sections (the address bar content) on electronic mail. [ix]
Many courts have acknowledged the difficulty in ascertaining whether a person possesses a reasonable expectation of privacy in the content of electronic communications, even though that is turned over to the ISP in order to transmit the information. As such, officers are best advised to proceed with search warrants for such content. If fact, on this issue, the Eleventh Circuit Court of Appeals, in Rehberg, stated:
The Supreme Court’s more-recent precedent shows a marked lack of clarity in what privacy expectations as to content of electronic communications are reasonable. In City of Ontario v. Quon, 130 S. Ct. 2619, 177 L. Ed. 2d 216 (U.S. 2010), the Supreme Court reversed the Ninth Circuit’s decision that held a government employee had a reasonable expectation of privacy in text messages sent and received by a third party. The plaintiff police sergeant sued the City for violating his Fourth Amendment rights by obtaining and reviewing transcripts of personal text messages he sent and received from a pager that was owned by the City and issued to him for work use. 177 L. Ed. 2d at 221. The parties disputed whether the plaintiff, as a public employee, had an objectively reasonable expectation of privacy in those text messages. 177 L. Ed. 2d at 221.
Even after the briefs of 2 parties and 10 amici curiae, the Supreme Court declined to decide whether the plaintiff’s asserted privacy expectations were reasonable. 177 L. Ed. 2d at 221. The Supreme Court acknowledged that the case “touches issues of far-reaching significance.” 177 L. Ed. 2d at 221. After remarking that it “must proceed with care when considering the whole concept of privacy expectations in communications made on electronic equipment owned by a government employer,” the Supreme Court cautioned that “[t]he judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear.” 177 L. Ed. 2d at 227. [x]
Note: Court holdings can vary significantly between jurisdictions. As such, it is advisable to seek the advice of a local prosecutor or legal adviser regarding questions on specific cases. This article is not intended to constitute legal advice on a specific case.
[i] A11A2416, 2012 Ga. App. LEXIS 288
[ii] Id.at 2-3
[iii] Id. at 4 (quoting Smith v. Maryland, 442 U.S. 735, 743-744 (1979))
[iv] Id. at 5 (citing United States v. Miller, 425 U.S. 435 (1976))
[v] Id. at 5
[vi] Id. at 5-6 (See, e.g., United States v. Beckett, 369 Fed. Appx. 52, 56 (II) (A) (1) (11th Cir. 2010) (“[S]uppression under the Fourth Amendment was not required because [the subscriber] did not have a reasonable expectation of privacy with regards to the information transmitted.”); United States v. Christie, 624 F3d 558, 573-574 (II) (C) (3rd Cir. 2010) (no reasonable expectation of privacy in IP address or subscriber information because such information is voluntarily conveyed to third parties); United States v. Bynum, 604 F3d 161, 164 (II) (A) (4th Cir. 2010) (no reasonable expectation of privacy in internet service subscription information [*6] because it is voluntarily conveyed to third parties); United States v. Perrine, 518 F3d 1196, 1204 (I) (10th Cir. 2008) (“Every federal court to address this issue has held that HN5 subscriber information provided to an internet provider is not protected by the Fourth Amendment’s privacy expectation.”); Guest v. Leis, 255 F3d 325, 336 (II) (C) (3) (6th Cir. 2001) (“[C]omputer users do not have a legitimate expectation of privacy in their subscriber information because they have conveyed it to another person—the system operator.”).
[vii] Id. at 7-8
[viii] 611 F.3d 828 (11th Cir. 2010)
[ix] See Rehberg, 611 F.3d at 842-847 (“Several circuits have concluded that a person lacks legitimate privacy expectations in Internet subscriber information and in to/from addresses in emails sent via ISPs. See, e.g., United States v. Perrine, 518 F.3d 1196, 1204-05 (10th Cir. 2008) (“Every federal court to address this issue has held that subscriber information provided to an internet provider is not protected by the Fourth Amendment’s privacy expectation”) (collecting cases from the Fourth, Sixth, and Ninth Circuits and district courts in West Virginia, Massachusetts, Connecticut, Maryland, New York, and Kansas); United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008) (“[E]-mail and Internet users have no expectation of privacy in the to/from addresses of their [**28] messages or the IP addresses of the websites they visit because they should know that this information is provided to and used by Internet service providers for the specific purpose of directing the routing of information.”).
[x] Rehberg, 611 F.3d at 845-847