Tuesday, June 24, 2008

Laptop Searches -- The German Computer Rights Case

The German Court Gets it Right

In a nice coincidence of timing, while observers in the U.S. were awaiting the 9th Circuit decision in U.S. v. Arnold, on February 27, 2008, the German Federal Constitutional Court (Das Bundesverfassungsgericht (BVG)) announced an historic decision in a case also involving the individual's right to privacy of personal data stored in digital form. Whereas the 9th Circuit found such data to be no more entitled to constitutional protection at the border than underwear in a suitcase, the BVG held that the general Right of Personality (for our purposes, the Right of Privacy) contained in Article 2 the German constitution (das Grundgesetz) includes the fundamental right to a guarantee of the confidentiality and integrity of IT systems.

(German cases are not cited by reference to the names of the parties, but are cited in the form, BVerfG, 1 BvR 370/07 vom 27.2.2008, which is the cite for the case in question. In the press, however, the case is referred to as the "Computer Rights" case, so we will use that name here.)

The Computer Rights case came to the BVG on a challenge by a group of private individuals to the constitutionality of a recently-enacted statute of the state of North-Rhine-Westfalia (the capital of which is Duesseldorf) enabling the state investigative agency to secretly hack into the computers of targeted individuals while they were online and search and copy data stored there. Thus, the case does not involve a non-consensual laptop border search, but involves instead a non-consensual online computer search. German legal counsel, consulted in connection with this post, are of the opinion that the Computer Rights case would apply to a laptop border search.

And while the 9th Circuit in U.S. v. Arnold relieved the government of the necessity of meeting any legal standard whatsoever as a prerequisite to a border search of a laptop, the NRW statute did at least contain a "reason to believe it may be helpful" standard. Nevertheless, the BVG said this was too broad and articulated a higher standard: a secret infiltration of an individual's IT system by means of which the system can be observed and its storage media read is only constitutionally permissible when grounds exist in fact which show a danger to an important legally-protected interest such as the safety, life and liberty of persons or the fundamental principals or existence of the state. And, further, the exercise of such a secret IT system search is subject to judicial oversight.

It is notable also that in its opinion the BVG used the generic term "IT system" rather than specific term "computer," evidencing the court's intention that its decision should have broad application over the entire realm of digital devices and networks.

The BVT reached these results only after an exhaustive, painstaking and detailed examination of the nature of data stored on computers in the present age. The court's review is akin to that conducted by Judge Pregerson in the U.S. District Court in U.S. v. Arnold and which Judge O'Scannlain conspicuously did not do in the 9th Circuit.

In particular, the BVG recognized that people store on their computers their most personal data, including private correspondence, photographs, sound files, etc., which contain detailed information about the relationships and conduct of the individual's life, which if obtained and disclosed can enable the government or third parties to build an extensive picture of that individual's behavior and communications. Furthermore, the secret capture of such data from the computer of one person damages third parties with whom the targeted individual has had communication, which third parties then find their own privacy violated even though they are not targets of an investigation. This in turn impinges upon the general freedom of the citizenry, who now must fear surveillance and therefore find themselves inhibited in their digital communications and relationships with their fellow human beings. In U.S. constitutional law terms, warrantless searches of laptops can have a chilling effect upon free speech.

The BVG thus developed an incisive understanding of the extent of private data now stored by the population in their "IT systems" and a realistic, even street-wise, appreciation of how that information can be in fact be used by agents of the government once it has been captured. It then concluded that the rights of individuals to be secure in the privacy of their digitally stored data were so important they were entitled to constitutional protection, and, there being no exact constitutional provision covering such "computer rights," the court fashioned a new constitutional Computer Right.

Would that the 9th Circuit had taken the same pains and worked conscientiously through the emerging privacy issues of the present digital age and come to a better appreciation that the rights of traveling citizens to privacy of their stored data deserve protection even at the border unless the CBP has at least a reasonable suspicion that illegal data may be stored on the traveler's laptop, and even that is a preciously loose standard. As U.S. law develops and as other circuit courts, and ultimately the U.S. Supreme Court, consider the problem they would do well to follow the lead of the Bundesverfassungsgericht.

No comments: