An Addendum: A Fifth Category of U.S. Privacy Law

With the holiday in the rearview mirror, I had time to reflect on the four categories of privacy law proffered in the last blog. One more came to mind as I was driving up I 95 near D.C., appropriately so, because it is about administrative law.  Allow me, for the record, to copy and paste the ones that I included in the last blog and add this one to it, with a little description.  It matters because administrative law may come to play a more significant role in governance of Internet companies that either the legislature or the judiciary. The legislature is so gridlocked and the judiciary often does not seem to understand technology, although recent decisions on copyright that have appreciated transformative use in not-for-profit settings signal a better future. To have all of the categories in one blog space is why I am repeating the previous ones.  And with future posts I hope to build on this foundation.  If you remember the previous post, then skip down to number 5 below.

1. Family Planning, Reproduction and Sexuality  (Individual v. The State)
The first is probably the one that springs most immediately to the layman's mind.  Before 1965, states could and did have laws that prohibited information about and possession of contraception.  In that year, the Supreme Court decided that such laws violated the Constitution.  Because the word privacy does not exist explicitly in the Constitution, the understanding among the prevailing opinions was that a "penumbra" of rights from Amendments 1,3,4,5 and 9 that amounted to such a right contravened by states that imposed laws interfering with the decisions that married couples made in their "bedrooms" about family planning.  It was not long before the Court expanded the ruling from married to unmarried individuals, and then to a striking down of state abortion laws, and most recently to the decriminalization of adult, consensual sodomy laws.  

2. Fourth Amendment and Criminal Law  (Individuals v. The State)
The second also readily leaps to most people's minds, especially in light of the USA-Patriot Act, T.V. series such as The Soprano's or the The Wire in which there are dramatic depictions of wire taps, and most recently, the Patraeus case, because they all involve electronic surveillance in the telephonic and Internet age.  When first brought to the Court in 1928 in the context of a police wiretap on bootleggers' phones, the Court did not find a violation of the Fourth Amendment.  Clamps on a black box did not resonate with the physical proximity picture of police entering an individual's home.  By 1967, given much change in manners and mores (not least of which was the Griswold case described above about contraception) over time, the Court reversed itself and found a Fourth Amendment right in telephonic communications.  The next year Congress passed a law that outlined rules, procedure and consequences for "wiretapping," drawing an important distinction between content of a phone conversation, which required a warrant, and "conversational detail" such as is found in telephone billing records.  In 1986, Congress amended that law and passed our current criminal communications law: the Electronic Communications Privacy Act.  This law combined and conflated telephony and TCP/IP data networking.  In the Internet context, "content" would be the full email message or specific web page visited by the user; "conversational detail" would be the "metadata" in network logs with source and destination Internet Protocol numbers, time stamps, etc.   

3. Public and Consumer Law (Individuals v. Corporations)
The third has become familiar to the popular mind because they are confronted with it in the form of annual privacy notices from banks and forms to fill out before being seen by a doctor.  The U.S. has a relatively unique "sectoral" approach to public consumer privacy by demarcating specific and narrow bands of information, for example education records (FERPA); financial records (GLBA); health care records (HIPAA) and a series of other one-off categories such as video rental records (as a result of the Bork nomination hearings and the disclosure that he rented pornography from Blockbuster).  Europe and other developed nations such as Australia, New Zealand and Japan have adopted comprehensive data laws that protect personal information in any context held by a company or a corporation.  Twentieth-century history and a tradition of more robust regulation informs the comprehensive approach; in the U.S. historical naiveté and a more powerful market and lobbying sector restrict public privacy laws both by kind and application.  For example, only patient care records of a "covered" entity are actionable under HIPAA, not even all health care records.  Cable subscription records are not protected but might reveal as much if not more about an individual than their bank account records.  Not to mention all those annoying telephone and Internet marketers …

4. Torts and Civil Law  (Individuals v. Individuals)
Established at the turn of the last century, the fourth area is the potential growth industry for plaintiff lawyers in the twenty-first.  Torts such as "misappropriation of likeness" or "invasion of privacy" have taken on real meaning for average people with the explosion of technology.  Tyler Clementi's parents decided not to bring an action against the roommate who has faced criminal penalties for "invasion of privacy" but under New Jersey state law they could bring such a case.  A cousin of defamation and libel, these torts used to be reserved mostly for the famous.  But as imaging and information technologies have grown faster than an appropriate use bounded by either case law or personal ethics, violations occur daily awaiting an angry plaintiff and a deep pocket.

5.  Administrative Law  (Corporations v. Consumer, mostly …)
Administrative law is probably the least understood area of law by most lay people because while required to be transparent through "notice and comment rules" it is done by the executive agencies of the federal government.  Sometimes called the "fourth branch," it is that area of law executed, for example, by the Federal Trade Commission or the Federal Communications Commission, two agencies named because with respect to the Internet they are, together with the Library of Congress which houses the Copyright Office and the Commerce Department, which controls the root domain name servers, probably the most influential agencies for areas of the Internet.  The Federal Trade Commission in particular zeros in on privacy issues.  For example, it is that Commission that has and continues to press Google on the inherent ambiguities in its privacy policies.  The F.T.C. also is the agency that about a year ago required Facebook to inform its users of changes to privacy settings.  The F.T.C. is currently the locus of "Do Not Track" discourse, and a good interview in the Wall Street Journal recently with its chairman, Mr. Lebowitz is a summary not only of the issue, but how the F.T.C. approaches privacy generally as a balance between strong market forces and a concern for the consumer.  http://online.wsj.com/article_email/SB100014241278873245563045781194334…; By and large, that is what all agencies are supposed to do, and whether they accomplish this goal is matter of ideological and political persuasion.  Some extremists, for example Justice Thomas o the Supreme Court, find no constitutional foundation in some interpretations of the law over which agencies have sway, for example the commerce clause and control of trade, but most people will find their differences in matters of degree on the balance between business and consumers and not in the extremes.  If for no other reason than this sway, and to calibrate the balance appropriately for economic growth and consumer safety, administrative law is a vital area of U.S. law, and most especially on issues of privacy.