Like many users of child pornography, Michael Meister kept his photos and videos on his computer. When his computer stopped working, he took it into a computer repair store, True North, to transfer the data from the inoperable hard drive to a new computer. During the transfer process, the technician noticed the child pornography and contacted the police, who immediately seized the computer. The police also looked transferred the offending data–now inside True North’s system–onto two separate DVDs, and conducted two separate searches of that data. Based on the information found on the hard drive, the police obtained a search warrant and then conducted another search of the laptop.
After Meister was arrested, he moved to suppress all the information found on his computer. Unsurprisingly, the District Court denied the motion, and the Eleventh Circuit agreed. The court held that this was a simple application of the third party doctrine: “The Fourth Amendment only applies to governmental action; ‘it is wholly inapplicable to a search or seizure, even an unreasonable one, effected by a private individual not acting as an agent of the Government or with the participation or knowledge of any governmental official.’ Once a private individual, acting of his own accord, conducts a search—even one that frustrates a defendant’s reasonable expectation of privacy—the Fourth Amendment does not forbid the government from replicating the search.” Furthermore, even if the pre-warrant searches by the police were beyond the scope of the third party doctrine, the police would have found all of the contraband images eventually after they obtained their warrant, and so the searches fell under the inevitable discovery doctrine.
On one level, the Meister case is very straightforward. But it also raises an interesting issue regarding the third party doctrine. Today, more and more courts are criticizing the application of the third party doctrine to digital information, arguing that the doctrine should not apply to such data because in modern times so much data is entrusted–sometimes unknowingly, sometimes unavoidably–to third parties. When computer data is stored in the cloud, or when e-mails in transit pass through remote servers on the way to their recipient, the owner of the data may not have consciously entrusted the data to a third party. Thus, the argument goes, entrusting digital data to third parties is not at all like the “assumption of risk” that occurs when you give financial records to a bank or confide to a police informant. This argument was first made well before the computer age, by the dissenting Justices in the much-maligned Smith v. Maryland who decried the application of the third-party doctrine to data about outgoing telephone numbers that were held by a telephone company:
Implicit in the concept of assumption of risk is some notion of choice. At least in the third-party consensual surveillance cases, which first incorporated risk analysis into Fourth Amendment doctrine, the defendant presumably had exercised some discretion in deciding who should enjoy his confidential communications. By contrast here, unless a person is prepared to forgo use of what for many has become a personal or professional necessity, he cannot help but accept the risk of surveillance. It is idle to speak of “assuming” risks in contexts where, as a practical matter, individuals have no realistic alternative.
No doubt Meister’s actions fall under the category of being a “conscious choice”–he physically took his computer to a repair store and asked them to transfer the data. But it is not hard to tweak the facts a bit and make the case more like the scenario described by the Smith v. Maryland dissenters. What if Meister’s data had been corrupted, and so he sent his data electronically to a company to fix it? Probably still a conscious choice. What if he stored it in the cloud, and one of the data storage units in the cloud had become damaged, and a technician (without Meister’s knowledge) had to transfer the data from one storage unit to another? Probably not a conscious choice. Of course, under current Fourth Amendment law, the mere storing of the data in the cloud would trigger the third party doctrine. But as the courts are revising the third party doctrine to exclude data that is automatically stored or transferred by third party actors, they will need to refine exactly when (if ever) repair and maintenance of that data might re-invoke the doctrine.