Over the past several years, online DNA testing has exploded as millions of Americans seek to learn more about their origins or locate relatives. My sister sure appreciated receiving one of these kits as a Christmas gift last year. In submitting samples to companies like Ancestry.com, 23andMe, and FamilyTreeDNA, they open themselves up to unearthing family secrets.
But should they also unwittingly forfeit their constitutional protection against unreasonable searches? My home state of Utah says no.
Long a bastion of genealogical study — Ancestry.com is based in Lehi — the Beehive State is now a bulwark of digital privacy and a model for the rest of the country to emulate.
In March, Republican Gov. Gary Herbert signed into law a first of its kind privacy bill, HB 57, which prevents law enforcement officials from obtaining user data from third-party providers such as Family Tree, Google, or Facebook just by asking.
The new law says anyone who sends personal electronic information through a remote computing service — like the “cloud” — has a reasonable expectation of privacy. In order to access that data, the government must obtain a warrant.
This doesn’t prevent law enforcement from accessing this information. But it does mean that before police go poking around in people’s private data, they need a warrant, just as they would to enter your home and rifle through your drawers and filing cabinets.
Right now, that’s not the case on the federal level or in the 49 other states where law enforcement can easily access your personal information through third-parties with little accountability.
This is thanks to “third party doctrine,” a decades-old legal theory created by the U.S. Supreme Court in the 1970s. It held that individuals have no reasonable expectation of privacy when they share their data with a third party. In today’s world, that means everything from family photographs to medical information to financial records (pretty much anything you’d store in an app) is up for grabs as long as the company is willing to share. It doesn’t take a vivid imagination to come up with scenarios in which this practice could be easily abused.
But third-party doctrine may be on the ropes. Recently, the Supreme Court issued an opinion in Carpenter v. U.S. that recognized individuals have a reasonable expectation of privacy when it comes to cell phone location information. This acknowledgement of privacy for digital data held by a third party is promising, but still limited.
On average, Americans spend more than five hours a day on our smartphones. We use them to track fitness goals, read books, manage our finances, purchase groceries, remotely turn on the air conditioning, track medical issues and on and on. Virtually every aspect of daily life can be handled in an app. This information is personal, private, and should be protected just as our physical homes and effects are.
The Utah law upends third-party doctrine with regard to digital data. Other states and the federal government should follow suit, so the law can swiftly catch up to Americans’ digitized lifestyle. Meanwhile, Utah is plowing ahead. State Rep. Adam Robertson has proposed a groundbreaking biometric privacy bill that would prevent police from forcing suspects to unlock their smartphones with fingerprints or facial biometrics without a warrant.
These measures provide a blueprint to bring state and federal privacy protections into the 21st century. We must ensure that Americans everywhere continue to enjoy the rights and freedoms that our Founders intended when they wrote, “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.”
Heather Williamson is state director of Americans for Prosperity-Utah.
