Fourth Amendment Recent Case

Recent Case: United States v. Norris

The Fourth Amendment has long been understood to be an important source of constitutional protection of an individual’s right to privacy.  The rise of digital technologies has, however, eroded the clarity of these protections, which turn on physical words such as “persons, houses, papers, and effects.”  Legally, a police investigation only implicates the Fourth Amendment when it is “unreasonable.”  Yet courts and scholars alike have struggled with a key question — what does “reasonable” mean in the context of the Internet?  Does leaving your wireless network open negate any expectation of privacy?  What about the use of a smart home device, such as Amazon’s Alexa?  In United States v. Norris, the Ninth Circuit weighed in by holding that a defendant does not have a reasonable expectation of privacy where he piggybacks on his neighbor’s router for Internet without authorization.  In limiting privacy protections, the court’s reasoning displayed some of the difficulties of translating Fourth Amendment jurisprudence — and the Katz test in particular — to the use of modern technology.

Defendant Alexander Nathan Norris was convicted of possession and distribution of child pornography following a lengthy, technically complex FBI investigation.  Agents first traced the IP address of an account that was sharing child pornography on a file-sharing network to Apartment 242.  The pornographic material had not been uploaded by the residents of Apartment 242, but the agents did identify two unknown devices that had been connected to the Apartment 242 router without authorization.  The agents inputted the MAC addresses of these devices (as determined from the Apartment 242 router) into Moocherhunter, “an open-source wireless tracking software program.”  By using Moocherhunter to take readings around the apartment building, the agents then tracked the location of the unknown devices to the apartment next door — number 243.  The agents then obtained and executed a search warrant in Apartment 243, where pornographic material was found.

In the district court, defendant Norris made two motions: (1) to suppress the evidence obtained from Moocherhunter because its use was a warrantless search in violation of the Fourth Amendment, and (2) for a Franks hearing based on misrepresentations and omissions in the search warrant application.  The district court denied both motions.  The Fourth Amendment analysis had two steps.  The district court first found the Moocherhunter measuring had not physically encroached on Norris’s curtilage and therefore did not constitute a search under Florida v. Jardine’s property-based analysis. In the absence of physical intrusion, Norris could only establish that a search occurred by proving the elements of the Supreme Court’s Katz v. United States test.  Here, however, Norris failed because he did not have a subjective expectation that his MAC address would remain private after connecting to a third-party’s router without authorization.  Furthermore, even if he expected privacy, such an expectation would not be recognized as reasonable by society.

The Ninth Circuit Court of Appeals affirmed.  Writing for the panel, Judge Rawlinson agreed that, in the absence of physical intrusion, Norris could only prove a Fourth Amendment violation if the agents had engaged in a search as defined by Katz.  Under the first step of Katz, Norris could have no subjective expectation of privacy in “information openly available to third parties.”  Norris’s wireless signal had “reached outside” his residence — much like loud music “reaches outside” a home — to connect to a router.  Moreover, the court distinguished the privacy expectation here from the defendant’s expectation in Kyllo v. United States, where thermal-image scanning of a house was a search.  In Kyllo, the defendant’s activities were confined to the physical limits of his home, whereas Norris’s act of connecting to the Internet was not.

Norris also failed on the second prong of Katz.  Even if he had a subjective expectation of privacy, such an expectation “was not one society is prepared to recognize as reasonable.”  The court analogized Norris to other defendants who obtained property through unauthorized means — such as theft of a laptop — and therefore could not expect privacy in the stolen property.  Norris therefore failed to demonstrate that a Fourth Amendment search occurred.

The court also rejected Norris’s Franks hearing claim, which alleged that the FBI omitted significant facts on the search warrant, such as the lack of training for FBI agents on how to use Moocherhunter.  These facts did not change whether there was a “fair probability” that Apartment 243 was the source of the pornographic material, so Norris failed to meet his burden of proof to trigger a Franks hearing.

The court’s reasoning about whether a search occurred displayed arbitrary — and formalistic — line-drawing.  For example, on first blush, Norris’s case seems similar to Kyllo, where the defendant reasonably expected privacy from the use of sense-enhancing technology to obtain information about the interior of his home.  Here, like in Kyllo, Norris’s illegal activity occurred within the confines of his own home.  The court worked around this similarity, however, by highlighting the fact that accessing an Internet router outside the home constitutes “reaching beyond the confines of [one’s] home.”  This distinction seemed to be dispositive of whether Norris’s expectation of privacy was reasonable, but such a categorization is vastly overinclusive.  If accessing the Internet constitutes a “reaching” out that negates any expectation of privacy, then the defendant’s high-intensity lamps in Kyllo also “reached” because the lamps’ heat emanated beyond the home.  Moreover, almost any Internet activity, by its nature, requires communication or access to something outside the home.  Under the court’s analysis, any contents of an individual’s WiFi traffic could therefore become fair game for the government to access without a warrant.  Although classifying cases according to whether the defendant reached outside the home may hold up in tangible, physical contexts, this “line” becomes virtually meaningless in a digital context.

Translation of the Katz test to an Internet context also unveils another, more fundamental problem with the Katz analysis: both steps of the test rely on judges to determine what ordinary people or society expect in privacy.  But judges are not required to be proficient in technology, and may not be reliably aware of current societal attitudes about rapidly changing technology.  Furthermore, the idea that an amorphous, societal perspective on privacy should define legal protections perversely motivates a race to the bottom.  The increasing ingenuity of cyberattackers and hackers will steadily lower societal “expectations” of privacy.  As individuals are exposed to data breaches, for example, their “subjective” expectations about whether information will stay private, per the first prong of Katz, will decrease accordingly.  Katz’s metric for evaluating privacy will therefore lead to an ever-lowering standard for privacy.

These concerns are merely a few of the issues that call into question Katz’s efficacy as a legal test to determine the contours of the Fourth Amendment’s protections.  The opinions of both the majority and dissents in the most recent Supreme Court case to tackle Katz in the context of technology (Carpenter v. United States) agreed on the difficulty of applying Katz.  Regardless of whether legislation, or some other means of standardization, is the appropriate solution to the privacy question, both sides of the aisle should be able to agree that the Katz standard has failed to help courts develop administrable, thoughtful rules that are responsive to changes in modern technology.