The Ninth Circuit announced today police violated a defendant’s Fourth Amendment rights when they warrantlessly searched files that Google automatically reported using a proprietary algorithm designed to detect child sexual abuse material (“CSAM”). Prosecutors in the case, United States v. Wilson, had argued that the police officer’s search of the defendant’s files did not violate the Fourth Amendment because Google, a private party, had conducted the initial search. The district court agreed, finding that there was a “virtual certainty” that the files Google sent to police were identical to files previously identified by a Google employee as CSAM. But no Google employee reviewed the defendant's files before sending them to police—instead, Google automatically forwarded the files to law enforcement after a proprietary algorithm matched the files to previously-identified CSAM images. EPIC filed an amicus brief in the Ninth Circuit appeal to explain that prosecutors had failed to show that the proprietary Google algorithm reliably matched images. EPIC also urged the court to narrowly apply the private search exception. The Ninth Circuit found that the police search “allowed the government to learn new, critical information” and “expanded the scope of the antecedent private search because the government agent viewed Wilson’s email attachments even though no Google employee—or other person—had done so.” The Ninth Circuit also echoed EPIC’s amicus brief: “on the limited evidentiary record, the government has not established that what a Google employee previously viewed were exact duplicates of Wilson’s images.” The decision in this case diverges from previous federal appeals and state court decisions on the issue and may lead the Supreme Court to review the important privacy implications of mass automatic file scanning programs.
Nine Democratic Senators led by Senator Richard Blumenthal have called on the Federal Trade Commission to conduct a rulemaking process to "protect consumer privacy, promote civil rights, and set clear safeguards on the collection and use of personal data in the digital economy." "Americans’ identities have become the currency in an unregulated, hidden economy of data brokers that buy and sell sensitive information about their families, religious beliefs, healthcare needs, and every movement to shadowy interests, often without their awareness and consent," the Senators said. Senators Schatz, Wyden, Warren, Coons, Luján, Klobuchar, Booker, and Markey joined Senator Blumenthal on the letter. EPIC has long urged the FTC to impose clear privacy obligations on companies that collect and use personal data, including by exercising the Commission's underused rulemaking power. In 2020, EPIC filed a petition with the FTC calling on the Commission to conduct a rulemaking on the use of artificial intelligence in commercial settings. "By defining unfair and deceptive practices ex ante, and with specificity, a trade regulation rule would make it easier for the FTC to take action against parties that harm consumers," EPIC explained.
The New Jersey Supreme Court today decided that dog owners in the state do not have a colorable claim to privacy in their names and addresses—but there may be a privacy interest in the names and breeds of their dogs. The case, Bozzi v. City of Jersey City, asked whether the privacy exemption to the state’s freedom of information law required government agencies to withhold the names and addresses of dog license holders when the only justification for disclosure was commercial interest in selling dog paraphernalia. EPIC filed an amicus brief and presented oral argument in the case, arguing that the privacy interests in names and addresses in government documents is well established under federal law and the state should follow the federal example. The court’s majority found no colorable claim to privacy for dog owners because “owning a dog is, inherently, a public endeavor”—owners take their dogs on “daily walks, grooming sessions, veterinarian visits,” “celebrate their animals on social media or bumper stickers” and “enter their dogs into public shows.” But, as the two dissenting justices retorted, “dog owners appearing in public with their dogs do not do so while simultaneously advertising their full names and addresses.” Further undermining the majority’s reasoning was the court’s recognition that other information in the dog license record—such as the name and breed of the dog, which is exposed to the public to the same degree as dog ownership, and moreso than the names and addresses of owners—may need to be redacted because of the privacy interests at stake. EPIC routinely participates as amicus in cases involving involuntary disclosure of personal information to third parties.