Key privacy doctrine needs updating due to technology, Stanford law professor says

Stanford scholar Robert Weisberg says it is time to match old law – the "third-party doctrine" – to today's technology. Warrants should be required for law enforcement access to phone and bank data.

Shutterstock Cellphone being scrutinized with magnifying glass

Stanford Law Professor Robert Weisberg says American privacy laws need to be updated to match modern technology.

The nation's privacy law should change to better reflect the reality of today's technology, a Stanford law professor says.

Robert Weisberg, the Edwin E. Huddleson, Jr. Professor of Law at Stanford University, said that the so-called "third party" doctrine of the Fourth Amendment needs to be reformed – it holds that people who voluntarily give information to third parties are not protected by a reasonable expectation of privacy. The law allows the government to constitutionally obtain information from third parties without a warrant.

Back in the 1970s when the doctrine was established, it simply allowed police to question gang members, for example, without needing a warrant. Over time, however, the courts expanded the exception, allowing warrantless searches of telephone metadata and financial records at banks.

This past spring, Weisberg guided students in a policy practicum on issues regarding state access to user records held by communications companies. The Stanford News Service recently interviewed Weisberg, the co-director of the Stanford Criminal Justice Center, on the topic.

Why do we need changes in the "third party" privacy doctrine?

The U.S. Supreme Court has made a supreme mess of the issue of application of the Fourth Amendment to information held by so-called third parties (companies.) It once held that customers of banks have no protection for their bank records, and customers of telephone companies enjoy no protection, at least for the record of phone logs (as opposed to actual conversations.) The high court just flat-out said that you waive any protection when you sign up.

Now, no one is so sure about how all this applies to Internet service providers and social media companies. On top of this, we as a society are nervous even about phone numbers, given the dot-connecting ability of modern data mining.

What are the recommendations that you suggest for changing the law?

When all is said and done, it's going to be about warrants for third parties. But warrants are not panaceas, because we will have to decide the standard the warrant must meet – is it a probable cause of a crime, or some discernable national security concern, for example – and what criteria merit an exception?

Why is a warrant requirement important for this type of data?

Warrants alone won't solve the problem. We have a two-plus centuries tradition of not quite trusting the executive branch.

Should the law treat information as private even though others know about it?

It depends on what you mean by "know about it."  There's probably a consensus that even if Google has access to your email, and of course can read it if it wants, we reasonably expect that it will not use it for purposes we do not approve of.

In the light of accelerating technology, what's the most efficient way to address these issues?

Congress will attempt a comprehensive scheme to cover all this, and we can only hope that it finds its better congressional self and writes laws that do not leave too much interpretation to the courts.

Robert Weisberg, Stanford Law School: (650) 723-0612,

Clifton B. Parker, Stanford News Service: (650) 725-0224,