9/19/2011

By Lauren Britsch, J.D. Candidate

Technological advances have had numerous implications for the right to privacy under the Fourth Amendment. As society evolves to live more through the Internet and computers and other mobile devices, so does the realistic level of privacy and the degree of protection the law might provide. As put by the Ninth Circuit, “[t]he extent to which the Fourth Amendment provides protection for the contents of electronic communications in the Internet age is an open question. The recently minted standard of electronic communication via e-mails, text messages, and other means opens a new frontier in Fourth Amendment jurisprudence that has been little explored.”[1]One aspect of these privacy concerns manifests itself through data that an internet user transmits or shares through wireless internet of Wi-Fi connections. If, without a warrant, a law enforcement officer discovers evidence of a crime by using a computer to connect to the internet through the same wireless network of a defendant, has the defendant’s Fourth Amendment right to be free from unreasonable search and seizures been violated?

A federal district court considered the issue in a 2010 unpublished opinion, United States v. Ahrndt.[2]The defendant in Ahrndt was charged with transportation and possession of child pornography.[3]Evidence of his crime was discovered through the defendant’s wireless network.[4]The defendant’s neighbor was automatically connected to the internet via the defendant’s wireless network when her wireless network malfunctioned.[5]When the neighbor opened iTunes, a library shared by another user appeared; upon opening the shared library, the neighbor discovered a folder that contained files with sexually explicit names and references to children.[6]She contacted the police, and an officer responded and repeated the same steps to access the wireless network, opening one of the files and confirming its content was child pornography.[7]The police obtained a warrant, and searches of the defendant’s computers and files revealed images of child pornography.[8]  

Ahrndt filed a motion to exclude the evidence discovered as a result of the officer’s initial access to his files on the theory that the initial access constituted an illegal search.[9]The district court applied the Supreme Court’s two-part test to determine if a Fourth Amendment search occurred, evaluating the defendant’s subjective expectation of privacy with respect to his activities and whether society was prepared to recognize that expectation as reasonable.[10]It framed the question in this case as “whether the Fourth Amendment provides a reasonable, subjective expectation of privacy in the contents of a shared iTunes library on a personal computer connected to an unsecured home wireless network.”[11]

The court’s analysis focused primarily on the second part of the test—the defendant’s reasonable expectation of privacy. The court noted, however, that the defendant had no subjective expectation of privacy because he was a somewhat sophisticated computer user who should have known about the shared nature of his iTunes files and unsecured wireless networks.[12]

The court rejected the defendant’s contention that the search was analogous to an invasion of a hardwired home network, which would be a violation of a reasonable expectation of privacy.[13]Instead, the reasonable expectation of privacy in a wireless network, the court said, is similar to that in cordless phones, which is diminished “because of the ease of intercepting wireless transmissions.”[14]However, this diminished expectation of privacy was not enough for the court to determine the defendant had no right to privacy under the Fourth Amendment. The court also relied on the fact that the defendant had set his iTunes to share his files.[15]For the court, sharing files over the open wireless network was similar enough to the sharing of files over LimeWire, which allows anyone else with LimeWire to access the files, and was held by the Ninth Circuit to be an activity not protected by the Fourth Amendment.[16]Therefore, the defendant had no reasonable expectation of privacy in his shared iTunes library on an unsecured, open wireless network, and no search invoking Fourth Amendment protections occurred.[17]

The Court also considered whether the Electronic Communications Privacy Act (ECPA) provided another basis for the defendant’s argument that the search violated his reasonable expectation of privacy.[18]The ECPA is part of the Federal Wiretap Act and “is intended to protect against the unauthorized interception of electronic communications, and to protect stored electronic communications and transactional records from unauthorized access.”[19]The court applied to the facts of Ahrndt’s case an exception in the statute which reads: “It shall not be unlawful under this chapter or chapter 121 of this title for any person . . . to intercept or access an electronic communication made through an electronic communication system that is configured so that such an electronic communication is readily accessible to the general public.”[20]The court determined that Ahrndt’s network was so configured that his electronic communications from his iTunes were readily accessible to the any person with a Wi-Fi enabled laptop, and no violation of the ECPA occurred.[21]

Another court analyzed a similar issue under the ECPA, though in a civil context.[22]A class action was instituted against Google, which allegedly used its Street View vehicles to collect data broadcast through Wi-Fi networks and then decoded and analyzed the contents of the data.[23]The suit alleged violations of the ECPA, among other state laws.[24]Google filed a motion to dismiss, arguing, inter alia, that the Wi-Fi broadcasts were readily accessible to the general public and therefore fell within the ECPA’s exception.[25]As a basis for its argument, Google relied on a definition of readily accessible to the general public found in another section of the statute.[26]The court rejected that argument, finding that the definition argued by Google applied only to radio communications, not electronic communications, and therefore was inapplicable to the interception of data on Wi-Fi networks.[27]The court analogized Wi-Fi technology to cellular phone technology, finding (somewhat differently than the Ahrndt court) that both were designed to send communications privately and not be intercepted by third parties.[28]

The Google court interpreted Ahrndt as holding that both the unsecured nature of the wireless network and the share setting of the iTunes files were essential to finding a diminished expectation of privacy.[29]The facts of the Google case were distinguished from those in Ahrndt: while the plaintiffs’ wireless networks were unsecured, the data accessed by Google was encrypted so as not to be readily accessible to the public.[30]Therefore, the court decided that the exception in the ECPA did not apply, as it did in Ahrndt.[31]

Though not invoked by the Ahrndt court, a Kyllo analysis could shed some light on how higher courts might view an intrusion into one’s wireless network. The Supreme Court in Kyllo found an illegal search where police used a thermal-imaging device aimed at a private home to detect heat within the home during a drug investigation.[32]It held that, at least where the government employs a device that is not in general public use (such as thermal-imaging technology) to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a search and is presumptively unreasonable without a warrant.[33]The use of a laptop and Wi-Fi by the officer in Ahrndt does not seem to violate the Kyllo holding—such technology is in general public use. However, if an officer were to use sniffing and decoding technology like that allegedly employed by Google, the action might contravene Kyllo, as more advanced unencryption technology is not in general public use.

There is little case law addressing legal privacy over wireless networks. However, based on two district courts’ analysis, when one shares files within an unsecured wireless network, those files might be available to the public and law enforcement, and accessing them does not raise Fourth Amendment concerns. To establish a reasonable expectation of privacy and invoke Fourth Amendment protections, data accessed though open wireless networks would most likely have to be encrypted or not shared by the user in some way. Consideration of the issue by lower courts thus far seems to indicate that sharing files over an unsecure network could expose your virtual life to not only your unwitting neighbors but also to law enforcement.