Note: Incognito Mode Is in the Constitution

By Travis Panneck. Full Text.

How much should the government be able to learn about an internet user without probable cause? Following the third-party doctrine, courts have held that internet users have no reasonable expectation of privacy in information “turned over” to internet service providers through ordinary use of the internet. Through minimal compulsory process, law enforcement can obtain information regarding a person’s internet use that can reveal a person’s political preferences, sexual fetishes, and medical ailments.

The Supreme Court’s 2018 decision in Carpenter v. United Statessignals a move away from the third-party doctrine when it comes to new technology. Though the decision itself is narrow, applying only to historical cell-site location information, the majority opinion outlines a framework for determining when the third-party doctrine does not apply. Lower courts have largely ignored this framework, sticking to the specific holding and factual circumstances of Carpenter.

This Note argues that the Carpenter framework can and should apply to most information held by internet service providers about their users. Expanding upon scholarly work that has already recognized the importance of this decision, this Note contends that the Carpenter framework can reach three types of information held by internet service providers: (1) histories of IP addresses; (2) real-time collection of IP addresses; and (3) basic subscriber information. This Note concludes that lower courts would be justified in applying this framework to new facts and requiring that law enforcement obtain a warrant founded on probable cause before collecting these types of information.