By Matthew Scott

The warrants granted recently in the special investigation of former “Empire” actor Jussie Smollett’s alleged faked hate crime last year highlight law enforcement’s expanding ability to gain access to vast amounts of personal data and the potential risks that poses to the digital privacy rights of Americans.

“There are tremendous risks to individuals’ privacy from the collection of data on this scale and also law enforcement access to information on this scale,” Mark Rumold, senior staff attorney at the Electronic Frontier Foundation (EFF), warned to Digital Privacy News. 

The warrants, issued by Cook County Circuit Court Judge Michael Toomin in December, granted law enforcement expansive reach. He directed Google to turn over a year’s worth of digital data and documents from its Drive accounts of Smollett, 37, and his manager, Frank Gatson.

Google Voice texts, call logs, contacts, images, photographs, search and web-browsing histories, GPS location data and other documents all were handed over to prosecutors under Toomin’s order.

The warrants also gave authorities access to both men’s deleted text messages and email drafts.

Allowing law enforcement such entry to personal digital information from multiple service providers alarmed privacy advocates. The volume of data regularly collected by tech giants like Google, Facebook, Apple Inc., Verizon Communications Inc. and others is gargantuan. 

The Smollett warrants show that authorities view the troves of digital information collected by these companies as a resource — and they will continue to find ways to access it, experts tell Digital Privacy News.

However, allowing police and prosecutors unfettered access to such private data can lead to abuse or other unintended consequences.

“Maybe in one case it might be justified,” Rumold said, “but in another case, law enforcement might gain access to a huge trove of data while investigating trumped-up charges, and in that data they may find evidence of a completely separate crime — a crime they didn’t even know that you were committing.

“Then, you’ll be prosecuted for that.” 

“There are tremendous risks to individuals’ privacy from the collection of data on this scale and also law-enforcement access … on this scale.”

Mark Rumold, Electronic Frontier Foundation.

No New Charges

While the warrants did not bring additional charges against Smollett, he still faces six felony counts of disorderly conduct in connection with the initial the faked hate-crime scheme in January 2019.

The case has been on hold while the courts heard a countersuit filed by the actor, claiming he was maliciously prosecuted by the City of Chicago, which is seeking to recoup $130,000 in expenditures by city police related to investigating the initial allegations. 

U.S. District Court Judge Virginia Kendall in Chicago ruled last month that the malicious prosecution case could not continue until the disorderly conduct charges were settled. No hearing date on those charges has been set.

Privacy Safeguards

Adam Scott Wandt, assistant professor of public policy at the John Jay College of Criminal Justice in New York, said the judicial system had some safeguards in place that could protect privacy rights involving such of warrants.  

“If a search warrant is overly broad or is not sought in good faith, there are levels of judicial review and appeal already in place which do provide some relief for defendants whose rights have been violated,” he told Digital Privacy News.

If procedures are not followed, “There is the possibility to have the evidence suppressed and not be admitted into certain proceedings,” he said.

Fourth Amendment Protections

The Fourth Amendment to the U.S. Constitution requires police to go through the courts and a judge to establish probable cause before they can collect evidence.

Wandt said authorities must “show they have probable cause and an affidavit that sufficiently lays out why they should be able to retrieve this data.”

But safeguards in the court system are not foolproof and can take a long time to rule in favor of citizens. Some privacy advocates long have questioned whether the courts provide adequate protection in today’s pro-law enforcement environment.

“It is extremely important that we support a society that does not allow law enforcement to access (private) information directly in most cases without going to a court or tribunal to obtain a search warrant,” Wandt told Digital Privacy News.

Any search warrant, he said, “needs to be as narrowly tailored as possible in order to only give law enforcement the information that they need or that they have the right to access.”

“Encryption is our strongest defense against abusive governments, hackers and organized crime.”

Jennifer Stisa Granick, ACLU.

Big Tech vs. Government

One additional safeguard of privacy rights lies with Apple, Facebook and other service providers. Apple has resisted government pressure to unlock iPhones for years, and Google and Facebook are deploying enhanced encryption technology across all of their offerings.

In fact, FBI Director Christopher Wray blasted Apple last week after agents eventually accessed information from the iPhone of the suspect in December’s fatal shootings at the Naval Air Station in Pensacola, Fla., without the company’s help.

“Apple made a business and marketing decision to design its phones in such a way that only the user can unlock the contents no matter the circumstances,” Wray said at a news conference announcing the dead shooter’s ties to terrorists.

“Apple’s desire to provide privacy for its customers is understandable, but not at all costs,” he said.

Wray also maintained that “technology companies are capable of building secure products that protect user information and, at the same time, allow for law-enforcement access when permitted by a judge.”

However, despite Wray’s assertions, Apple and other technology companies have been pushing against law enforcement’s efforts to force them to build “backdoors” to give police access to encrypted communications.

“Encryption is our strongest defense against abusive governments, hackers and organized crime,” Jennifer Stisa Granick, the American Civil Liberties Union’s surveillance and cybersecurity counsel, told Digital Privacy News.

“Requiring technology companies to build a government backdoor into our encrypted communications would break that crucial defense, while also empowering repressive governments like China and Iran to obtain and abuse private communications,” she said.

“There is the possibility to have the evidence suppressed and not be admitted into certain proceedings.”

Adam Scott Wandt, John Jay College of Criminal Justice.

Assault on Encryption

Generally, when police or prosecutors present a valid search warrant, U.S. companies must comply.

But technology companies now are arguing that they should not have to comply with warrants for encrypted data.

They contend that being forced to build flawed products by the government leads them to violate privacy laws and places users at risk of fraud, data theft and other crimes.

Additionally, encryption further helps protect privacy, Granick said, because it “provides anonymity to dissidents, whistleblowers and human-rights defenders — so they can freely express themselves, organize and expose governmental abuse without fear of retribution.”

The Ongoing Privacy Battle

But EFF’s Rumold said that, going forward, the process of granting warrants for collecting digital information could be made more fair for Smollett and others who are suspected of committing crimes.

“Law enforcement should have to specify what type of evidence, based on the specifics of a particular case, that they intend to find on the phone (or device) in order to get a warrant to search it,” he told Digital Privacy News.

In addition, authorities should have “strict time limits associated with the amount of data they have access to, and a narrowing and capping of the type of data that law enforcement can access.”

Wandt, of John Jay College, said that no matter how difficult it might be, privacy advocates and government should ensure that law enforcement obtained and served warrants correctly.

He readily acknowledged, however, that protecting privacy rights is not just about law enforcement’s ability to obtain warrants.

It’s an ongoing struggle on multiple fronts.

Users Have a Responsibility, Too

Granick told Digital Privacy News that individuals also must protect their privacy rights, though many people do not take that responsibility seriously.

“People should be careful to protect their account information and limit the information that third parties collect about them,” she said. “Avoid apps that track your location and online surveys that promise too-good-to-be-true prizes.”

Otherwise, privacy experts told Digital Privacy News that people can safeguard their privacy by enabling two-factor authentication on all accounts, using a password manager to generate unique identifiers for websites or apps and obtaining a private web browser to safeguard all online activities.

Even after taking such precautions, your privacy still remains at risk.

“In 2020, privacy does not actually exist anymore,” said John Jay’s Wandt. “It’s not just law enforcement, but government, commercial and marketing companies that we have to worry about.

“The only question is, who is violating what used to be our privacy — and how can we get some of it back through legislation?”

Matthew Scott is a New York writer.

Illustration: Cheyanne Salmon

Sources (external links):

• WTTW: Federal Judge Throws Out Jussie Smollett’s Malicious Prosecution Suit
• AP: Judge tosses Smollett’s malicious prosecution lawsuit
• ACLU: In Latest Encryption Battle with Apple, Justice Department Still Wrong
• ACLU: How to Protect Yourself From Government Surveillance