<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE article PUBLIC "-//NLM//DTD Journal Publishing DTD v3.0 20080202//EN" "http://dtd.nlm.nih.gov/publishing/3.0/journalpublishing3.dtd">
<article xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" dtd-version="3.0" xml:lang="en" article-type="research article">
 <front>
  <journal-meta>
   <journal-id journal-id-type="publisher-id">
    jis
   </journal-id>
   <journal-title-group>
    <journal-title>
     Journal of Information Security
    </journal-title>
   </journal-title-group>
   <issn pub-type="epub">
    2153-1234
   </issn>
   <issn publication-format="print">
    2153-1242
   </issn>
   <publisher>
    <publisher-name>
     Scientific Research Publishing
    </publisher-name>
   </publisher>
  </journal-meta>
  <article-meta>
   <article-id pub-id-type="doi">
    10.4236/jis.2024.154033
   </article-id>
   <article-id pub-id-type="publisher-id">
    jis-136925
   </article-id>
   <article-categories>
    <subj-group subj-group-type="heading">
     <subject>
      Articles
     </subject>
    </subj-group>
    <subj-group subj-group-type="Discipline-v2">
     <subject>
      Computer Science 
     </subject>
     <subject>
       Communications
     </subject>
    </subj-group>
   </article-categories>
   <title-group>
    Ending Privacy’s Gremlin: Stopping the Data-Broker Loophole to the Fourth Amendment’s Search Warrant Requirement
   </title-group>
   <contrib-group>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Samantha B.
      </surname>
      <given-names>
       Larkin
      </given-names>
     </name>
    </contrib>
    <contrib contrib-type="author" xlink:type="simple">
     <name name-style="western">
      <surname>
       Shakour
      </surname>
      <given-names>
       Abuzneid
      </given-names>
     </name>
    </contrib>
   </contrib-group> 
   <aff id="affnull">
    <addr-line>
     aDepartment of Cybersecurity, Roger Williams University, Bristol, USA
    </addr-line> 
   </aff> 
   <pub-date pub-type="epub">
    <day>
     01
    </day> 
    <month>
     08
    </month>
    <year>
     2024
    </year>
   </pub-date> 
   <volume>
    15
   </volume> 
   <issue>
    04
   </issue>
   <fpage>
    589
   </fpage>
   <lpage>
    611
   </lpage>
   <history>
    <date date-type="received">
     <day>
      8,
     </day>
     <month>
      September
     </month>
     <year>
      2024
     </year>
    </date>
    <date date-type="published">
     <day>
      26,
     </day>
     <month>
      September
     </month>
     <year>
      2024
     </year> 
    </date> 
    <date date-type="accepted">
     <day>
      26,
     </day>
     <month>
      October
     </month>
     <year>
      2024
     </year> 
    </date>
   </history>
   <permissions>
    <copyright-statement>
     © Copyright 2014 by authors and Scientific Research Publishing Inc. 
    </copyright-statement>
    <copyright-year>
     2014
    </copyright-year>
    <license>
     <license-p>
      This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/
     </license-p>
    </license>
   </permissions>
   <abstract>
    Advances in technology require upgrades in the law. One such area involves data brokers, which have thus far gone unregulated. Data brokers use artificial intelligence to aggregate information into data profiles about individual Americans derived from consumer use of the internet and connected devices. Data profiles are then sold for profit. Government investigators use a legal loophole to purchase this data instead of obtaining a search warrant, which the Fourth Amendment would otherwise require. Consumers have lacked a reasonable means to fight or correct the information data brokers collect. Americans may not even be aware of the risks of data aggregation, which upends the test of reasonable expectations used in a search warrant analysis. Data aggregation should be controlled and regulated, which is the direction some privacy laws take. Legislatures must step forward to safeguard against shadowy data-profiling practices, whether abroad or at home. In the meantime, courts can modify their search warrant analysis by including data privacy principles.
   </abstract>
   <kwd-group> 
    <kwd>
     Access Control
    </kwd> 
    <kwd>
      Access Rights
    </kwd> 
    <kwd>
      Artificial Intelligence
    </kwd> 
    <kwd>
      Consumer Behavior
    </kwd> 
    <kwd>
      Consumer Protection
    </kwd> 
    <kwd>
      Criminal Law
    </kwd> 
    <kwd>
      Data Brokers
    </kwd> 
    <kwd>
      Data Handling
    </kwd> 
    <kwd>
      Data Privacy
    </kwd> 
    <kwd>
      Data Processing
    </kwd> 
    <kwd>
      Data Profiling
    </kwd> 
    <kwd>
      Digital Forensics
    </kwd>
   </kwd-group>
  </article-meta>
 </front>
 <body>
  <sec id="s1">
   <title>1. Introduction</title>
   <p>This paper discusses a growing policy concern in the “data profiling loophole,” where investigators can buy data online without a search warrant. Three topics converge in reviewing the data-profiling loophole: individual privacy rights, national security, and artificial intelligence. Privacy concerns are implicated when data aggregation is beyond the limited and specific purpose of initial collection, bundled together, and sold online in data profiles. Data profiles present risks to consumers and violate privacy expectations, which impacts the legal standard for permissible search warrants under the Fourth Amendment. By purchasing data profiles in lieu of forcing a third party to relinquish the information, the government can evade the requirement of a warrant under the law regarding searches. Threat actors abroad can do the same, which is inherently hazardous to national security. Artificial intelligence is how individual data sets are combined into profiles. With the potential risks flowing from the data-profiling loophole, legislatures must protect their citizens from data misuse regardless of the actor’s identity. Lawmakers should be equally concerned about exploits by domestic government agencies as foreign actors.</p>
   <p>This article primarily explores the proper handling of data according to privacy principles derived from the U.S. Constitution and private sector laws. Data privacy, which is the informational security of every American, is a national security issue, and any future laws aimed at foreign threat actors should be broad enough to encapsulate the behavior of the domestic government.</p>
   <p>Recommendations for future considerations include legislative action and judicial inclusion of private sector laws in search warrant analysis. Legislation could be aimed at the government, at data brokers, or at the tools of data brokers. New laws can directly limit what law enforcement can collect, what data brokers can buy and sell, and what information businesses can collect generally. To better secure data privacy, data brokers need to be regulated. In the absence of laws that are on point, other options exist for tightening the gaps in informational security that allow the data-broker loophole. In particular, courts can constrict the standard under the Fourth Amendment.</p>
   <p>Part I of this piece explains the creation and purpose of privacy, including the sibling doctrines of data privacy and privacy under the Fourth Amendment, and it provides background on data profiling and artificial intelligence. Part II of this piece discusses how the legal loophole was created for the search requirement and the initial legislation introduced to stop it. Part III of this piece makes recommendations to close the data-broker loophole by refinement of judicial tests that embrace data privacy laws in the search warrant analysis and by adopting a data privacy per se rule. Even without express legislation, the data-broker loophole can be closed. Here is the glossary of definitions and terms:</p>
   <p>Data profiling, or “data archeology,” refers to data aggregation for analysis <xref ref-type="bibr" rid="scirp.136925-1">
     [1]
    </xref>.</p>
   <p>Person refers to an individual or entity <xref ref-type="bibr" rid="scirp.136925-2">
     [2]
    </xref>.</p>
   <p>Sensitive personal data is defined as covered personal identifiers, geolocation and related sensor data, biometric identifiers, personal health data, personal financial data, and other data <xref ref-type="bibr" rid="scirp.136925-2">
     [2]
    </xref>. Sensitive data does not include any data that is publicly available, such as in a court or government record, which is lawfully available, such as for public use or personal communications <xref ref-type="bibr" rid="scirp.136925-2">
     [2]
    </xref>.</p>
   <p>Access refers to “logical or physical access, including the ability to obtain, read, copy, decrypt, edit, divert, release, affect, alter the state of, or otherwise view or receive, in any form, including through information technology systems, cloud computing platforms, networks, security systems, equipment or software” <xref ref-type="bibr" rid="scirp.136925-2">
     [2]
    </xref>.</p>
   <p>Bulk refers to “an amount of sensitive personal data that meets or exceeds a threshold over a set time” <xref ref-type="bibr" rid="scirp.136925-2">
     [2]
    </xref>.</p>
   <p>Surveillance capitalism is defined as “an economic system built on the secret extraction and manipulation of human data” <xref ref-type="bibr" rid="scirp.136925-3">
     [3]
    </xref>.</p>
  </sec><sec id="s2">
   <title>2. What Is Privacy?</title>
   <p>Privacy is a mythical creature. The term may signal an ideal state of reclusion, but it is also an umbrella expression for several concepts. Privacy’s two most relevant contexts here are data privacy and an individual’s right to be free from unreasonable searches and seizures, which the Fourth Amendment prohibits. Privacy’s purpose is debatable, but some have framed it as “boundary management” <xref ref-type="bibr" rid="scirp.136925-4">
     [4]
    </xref>. Generally, privacy is concerned with empowering individuals to control their security, information, and access to their information. Privacy is also a human right, as stated in Article 12 of the 1948 United Nations Declaration on Human Rights <xref ref-type="bibr" rid="scirp.136925-5">
     [5]
    </xref>.</p>
   <p>The Constitution is the original fountain of American privacy rights. The Constitution provides several “zones of privacy” embedded in different clauses and amendments, as explained by Justice Douglas in Griswold v. Connecticut <xref ref-type="bibr" rid="scirp.136925-6">
     [6]
    </xref>. These provisions bridge the bodily, territorial, informational, and communications ideas of privacy found within <xref ref-type="bibr" rid="scirp.136925-6">
     [6]
    </xref>. For example, the Fourth Amendment safeguards the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures” <xref ref-type="bibr" rid="scirp.136925-7">
     [7]
    </xref>. This provision protects individuals by preventing the government, during investigations, from unreasonably trespassing on property, invading bodies, unlawfully obtaining information, and intercepting communications <xref ref-type="bibr" rid="scirp.136925-6">
     [6]
    </xref>.</p>
   <p>Privacy as a term was first conceived in a law review article in 1890 by Samuel D. Warren and (pre-Justice) Louis D. Brandeis, who defined privacy as “the right to be let alone” <xref ref-type="bibr" rid="scirp.136925-8">
     [8]
    </xref>. In the 1960s, renowned Professor Prosser then adapted the ideas of Warren and Brandeis into four common law torts <xref ref-type="bibr" rid="scirp.136925-9">
     [9]
    </xref>. These included intrusion upon seclusion, public disclosure of a private fact, depiction in a false light, and misappropriation of name or likeness <xref ref-type="bibr" rid="scirp.136925-9">
     [9]
    </xref>. In sum, privacy became a broad term for informational control, bodily integrity, territorial management, and communications protections <xref ref-type="bibr" rid="scirp.136925-5">
     [5]
    </xref>. Data privacy laws then sprung up in related economic sectors as technology became intrusive <xref ref-type="bibr" rid="scirp.136925-5">
     [5]
    </xref>.</p>
   <p>In the criminal context, privacy was shaped by Justice Brandeis in 1928, who presented his views in his dissenting opinion of Olmstead v. United States <xref ref-type="bibr" rid="scirp.136925-10">
     [10]
    </xref>. This iconic critique would then be adopted into law as the foundation of the test under the Fourth Amendment in Katz v. United States <xref ref-type="bibr" rid="scirp.136925-11">
     [11]
    </xref>. The Fourth Amendment controls search warrants as an essential aspect of criminal procedure. Traditionally, a search is presumptively unreasonable inside the home absent exigent circumstances <xref ref-type="bibr" rid="scirp.136925-12">
     [12]
    </xref>. To determine when the Fourth Amendment allows a reasonable search outside the home, the Supreme Court, leaning on Brandeis’ dissent in Olmstead, formulated a privacy-based approach centered on the individual <xref ref-type="bibr" rid="scirp.136925-11">
     [11]
    </xref> <xref ref-type="bibr" rid="scirp.136925-13">
     [13]
    </xref>. Absent a territorial invasion; the Katz test determines that a search occurs when “the government violates a subjective expectation of privacy [held by a defendant] that society recognizes as reasonable” <xref ref-type="bibr" rid="scirp.136925-13">
     [13]
    </xref>. Privacy expectations, therefore, flow from the individual’s perspective and manifestation, and the test requires conditional approval by society of those expectations <xref ref-type="bibr" rid="scirp.136925-13">
     [13]
    </xref>.</p>
   <sec id="s2_1">
    <title>2.1. Data Privacy</title>
    <p>Data privacy laws govern personal information. Data privacy has evolved into an arena of technical compliance and data security requirements, many of which are outdated swiftly after the laws are enacted. Both data privacy rights and individual privacy rights from other sources are implicated by the threats posed by unmitigated artificial intelligence and data misuse like data profiling <xref ref-type="bibr" rid="scirp.136925-14">
      [14]
     </xref>. President Biden forewarned in his Executive Order on Artificial Intelligence that “Americans’ privacy and civil liberties must be protected as AI continues advancing” <xref ref-type="bibr" rid="scirp.136925-14">
      [14]
     </xref>. Privacy concerns will likely be a focus in any future legislation on the uses of artificial intelligence. Moreover, congressional appetites have recently increased for an omnibus data privacy law at the national level <xref ref-type="bibr" rid="scirp.136925-15">
      [15]
     </xref>.</p>
    <p>Data privacy protections have been in development since the 1970s with standards grounded in the “Fair Information Practices” (or “FIPs”) <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. The FIPs include the following floors: there must be a specified purpose to the data collection; collection of data must be limited to that purpose; use of the collected data must be limited to that purpose; the data must retain its quality and integrity without modification; security safeguards must be in place to protect against the data’s unauthorized use or access; there must be openness in the data process; natural people have the right to participate and control their data; and there must be accountability by those that collect and process the data <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. The FIPs guide any future acts involving data privacy. The United States has already incorporated the FIPs into major legislation but does so at the sectoral level for each industry, resulting in a patchwork of different laws <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>.</p>
    <p>The federal government is subject to the Privacy Act of 1974, which requires limited purpose and use of information <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. Meanwhile, Europe has taken an all-encompassing approach to the General Data Protection Regulation (GDPR), which incorporates all the FIPs <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. Moreover, this law promulgates a new suite of privacy rights <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. European residents now have the right to access data, the right to correct, the right to erasure, the right to restrict processing of their data, the right to data portability, the right to object to all processing, the right to non-discrimination in exercising privacy rights, and the right to refuse automated processing <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. That last right means they can reject artificial intelligence handling their data, although some exceptions carve out permissible purposes. California has embraced much of the same content in GDPR in its comprehensive legislation called the California Consumer Privacy Act (CCPA) <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. California more recently enacted The Delete Act, which gives Californians the right to request erasure across platforms and systems with a universal opt-out mechanism <xref ref-type="bibr" rid="scirp.136925-16">
      [16]
     </xref>.</p>
    <p>The FIPs and broader privacy rights should be enumerated in any future federal A.I. legislation, and the FIPs are the key to understanding much of what President Biden espoused in his Order on AI. Additionally, President Biden released a “Blueprint for an A.I. Bill of Rights” <xref ref-type="bibr" rid="scirp.136925-17">
      [17]
     </xref>. This prescription echoes the rights and language of the GDPR and CCPA <xref ref-type="bibr" rid="scirp.136925-17">
      [17]
     </xref>. Artificial intelligence will likely run afoul of privacy and other intangible rights, so data privacy protections will go hand-in-hand with regulating AI.</p>
   </sec>
   <sec id="s2_2">
    <title>2.2. Validity of Search Warrants</title>
    <p>Search warrants are subject to a Fourth Amendment analysis for validity in a court of law <xref ref-type="bibr" rid="scirp.136925-12">
      [12]
     </xref>. The Fourth Amendment safeguards the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures” <xref ref-type="bibr" rid="scirp.136925-7">
      [7]
     </xref>. The U.S. Supreme Court has enumerated two main tests to determine when a search occurs, requiring a warrant: the physical intrusion test and the Katz test <xref ref-type="bibr" rid="scirp.136925-18">
      [18]
     </xref>.</p>
    <p>The physical-intrusion test is a “simple baseline” of the Fourth Amendment, resting on property interests <xref ref-type="bibr" rid="scirp.136925-18">
      [18]
     </xref>. The government conducts a search when physically entering an area sacred to the Constitution to collect information for a police investigation <xref ref-type="bibr" rid="scirp.136925-19">
      [19]
     </xref>. “When the government physically invades personal property to gather information, a search occurs” <xref ref-type="bibr" rid="scirp.136925-19">
      [19]
     </xref>. The Fourth Amendment favors the home as “a first amongst equals,” and its protections extend to the close surroundings of the home or “curtilage” <xref ref-type="bibr" rid="scirp.136925-18">
      [18]
     </xref>. This approach is intended to “draw a ‘firm line at the entrance to the house,’” which “must be not only firm but also bright” <xref ref-type="bibr" rid="scirp.136925-13">
      [13]
     </xref>. Yet, if a person intends to display something openly in plain sight, a search does not occur <xref ref-type="bibr" rid="scirp.136925-11">
      [11]
     </xref>.</p>
    <p>The Katz test evolved as a supplement to the property-based test for areas outside the home <xref ref-type="bibr" rid="scirp.136925-19">
      [19]
     </xref>. Under a privacy-based approach, “[A] Fourth Amendment search occurs when the government violates a subjective expectation of privacy that society recognizes as reasonable” <xref ref-type="bibr" rid="scirp.136925-13">
      [13]
     </xref>. Non-trespassory collections of electronic information are subject to the Katz test <xref ref-type="bibr" rid="scirp.136925-19">
      [19]
     </xref>. The first prong is a subjective component manifested by the defendant, and the second prong casts a broad and objective net on whatever society at large might be willing to accept as a privacy concern <xref ref-type="bibr" rid="scirp.136925-19">
      [19]
     </xref>.</p>
    <p>A person is generally acknowledged to have a reasonable expectation of privacy in their location and movements <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. While this expectation can be undermined by sharing the information with a third party, the sharing must be voluntary and require affirmative action on the part of the individual <xref ref-type="bibr" rid="scirp.136925-21">
      [21]
     </xref>. Additionally, while a person’s reasonable expectation of privacy may be weakened by traveling on public roadways, the facts and circumstances of the police surveillance of the individual will ultimately inform whether there was a violation of an individual’s privacy <xref ref-type="bibr" rid="scirp.136925-22">
      [22]
     </xref>.</p>
    <p>The Supreme Court has also formulated a standard regarding technology’s impact on privacy rights under the Fourth Amendment <xref ref-type="bibr" rid="scirp.136925-13">
      [13]
     </xref>. “Where, as here, the Government uses a device that is not in general public use to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a ‘search’ and is presumptively unreasonable without a warrant” <xref ref-type="bibr" rid="scirp.136925-13">
      [13]
     </xref>. As Justice Scalia clarified in Florida v. Jardines, the Kyllo test prohibits searches with devices not in general public use when the information could only have been obtained with a trespass and physical intrusion upon the property under the protection of the Fourth Amendment <xref ref-type="bibr" rid="scirp.136925-18">
      [18]
     </xref>.</p>
    <p>Further, in Carpenter v. United States, the Supreme Court narrowed the third-party doctrine, finding that individuals have a reasonable expectation of privacy in their data obtained from cellphone towers, otherwise known as cell-site location information (CSLI) <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. As the court explained, each cellphone seeks to connect to the nearest cellphone tower by “pinging,” which creates a location-based time stamp or CSLI data <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. The Supreme Court asserted gathering historic CSLI evidence requires a search warrant because “allowing government access to cell-site records contravenes that expectation” of privacy <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. Such data “provides an intimate window into a person’s life,” and the tracking of a cellphone provides “near perfect surveillance” <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. Thus, data provided to third parties that reveal intense and intimate details would be subject to a search warrant <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. Moreover, lower courts have held that an individual does not “forfeit the expectation his property would remain private simply because he did not erect an impregnable barrier to access” <xref ref-type="bibr" rid="scirp.136925-23">
      [23]
     </xref>.</p>
    <p>As “fruits of the poisonous tree,” the exclusionary rule requires evidence gained from an unlawful search and seizure to be deemed inadmissible in a court of law <xref ref-type="bibr" rid="scirp.136925-24">
      [24]
     </xref>. In other words, if a search is defective, the evidence obtained as a result must be excluded from use at trial <xref ref-type="bibr" rid="scirp.136925-25">
      [25]
     </xref>. One day, the Supreme Court may be forced to enumerate that a search occurs when data profiling information has been bought and any resulting evidence must be excluded. Still, no such decision has yet been rendered in the loophole.</p>
   </sec>
   <sec id="s2_3">
    <title>2.3. Data Profiling &amp; Artificial Intelligence</title>
    <p>Recently, President Biden issued data profiling directives detailing the known risks and threats that foreign actors pose to national security when they obtain such data <xref ref-type="bibr" rid="scirp.136925-2">
      [2]
     </xref>. This Executive Order sets the policy of the United States to restrict “bulk sensitive data” (BDS) from “countries of concern” <xref ref-type="bibr" rid="scirp.136925-2">
      [2]
     </xref>. While President Biden focused on foreign actors and countries, the order highlights the sensitivity of data concerning American individuals and the dangers of misuse <xref ref-type="bibr" rid="scirp.136925-2">
      [2]
     </xref>.</p>
    <p>President Biden has also issued an executive order on artificial intelligence, thereby tasking federal agencies to research and develop approaches and regulations for artificial intelligence in general public use and by the government. In his Executive Order, President Biden instructed the federal government to begin developing AI guidance, standards, and safeguards <xref ref-type="bibr" rid="scirp.136925-14">
      [14]
     </xref>. This could lead to the federal government enacting legislation to employ AI in agencies and in the courts. Data profiling and artificial intelligence can possibly be addressed within the same legislation because data profiling utilizes artificial intelligence. Understanding how data profiling and artificial intelligence work is key to recommending related policies and solutions and the interplay with search warrants in government investigations.</p>
    <p>Data sets are often collected, bought, and sold for consumer monitoring and “prediction analytics” <xref ref-type="bibr" rid="scirp.136925-26">
      [26]
     </xref>. “Web-scrapping” occurs when data brokers comb the internet, including social media websites, for consumer information <xref ref-type="bibr" rid="scirp.136925-27">
      [27]
     </xref>. “Behavior targeting” is the process by which companies use these profiles to advertise specialized services in accordance with the trends in the data <xref ref-type="bibr" rid="scirp.136925-28">
      [28]
     </xref>. Such information about persons and their behavior is collected by cookies from browser interactions, by spyware installed with software, and by deep packet inspection (DPI) <xref ref-type="bibr" rid="scirp.136925-28">
      [28]
     </xref>. DPI is also accomplished with software development kits rooted in downloadable applications for mobile technology <xref ref-type="bibr" rid="scirp.136925-29">
      [29]
     </xref>. As some scholars have suggested, the collection of information from wearable technology, such as Fitbits, may be even more offensive to the Fourth Amendment, because the data is even more sensitive and revealing when worn on the body, which exposes movement and intimate details like heart rate and fitness activities <xref ref-type="bibr" rid="scirp.136925-30">
      [30]
     </xref>.</p>
    <p>Location information is an attractive subset of data coveted in data profiles <xref ref-type="bibr" rid="scirp.136925-31">
      [31]
     </xref>. Location data can provide details about a person’s daily commute, what stores they shop at, whose homes they visit, what doctors or clinics attend, etc <xref ref-type="bibr" rid="scirp.136925-31">
      [31]
     </xref>. Location can cater to the economic demand for Strawberry Pop-Tarts and beer before a hurricane <xref ref-type="bibr" rid="scirp.136925-32">
      [32]
     </xref>. Other types of information, such as pregnancy status, are equally appealing for retailers to target consumers with directed advertisements <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>. Some commentators refer to predictive analytics as “big data” or using artificial intelligence to analyze large data sets <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>.</p>
    <p>Police use of big data has been documented in predictive criminal assessments, mass surveillance, and DNA databases <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>. “Location intelligence” is the law enforcement use of location data <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. Crime analysis is one use of location intelligence, and government investigators find location information helpful in identifying phones in the area of activity to sweep a pool of suspects, potentially implicating innocent bystanders <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. At least one government agency, U.S. Customs and Border Patrol (CBP), has contracted with a data profiling firm called Venntel <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. Venntel obtains its smartphone-user data from various sources, including ad firms and weather apps <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. CBP has used Venntel’s services to identify mobile device locations within a selected area or to identify a specific user of a device <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. However, it is likely that the individual never intended or was aware that CBP would obtain their data this way. Indeed, American data yields hearty business for data brokers, who have no deterrent to refrain from selling to the government.</p>
    <p>Artificial intelligence is “a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations or decisions influencing real or virtual environments” <xref ref-type="bibr" rid="scirp.136925-14">
      [14]
     </xref>. People have bandied about artificial intelligence for decades, discussing its looming ascendancy and utility <xref ref-type="bibr" rid="scirp.136925-35">
      [35]
     </xref>. Yet recently, the world has been exploding with AI chatter <xref ref-type="bibr" rid="scirp.136925-36">
      [36]
     </xref>. The animating energy from this latest wave of interest in AI radiates from the release of “generative” and “large language model” (LLM) AI for public use <xref ref-type="bibr" rid="scirp.136925-36">
      [36]
     </xref>. Generative means they spawn “fresh, new” content. As a subset of the generative family, LLMs write new textual material <xref ref-type="bibr" rid="scirp.136925-36">
      [36]
     </xref>. In practice, LLMs are fun new internet toys with risks that are yet to be fully understood. “Artificial general intelligence” (or A.G.L.), the white whale in the sea of unpublished AI research, is essentially machine thinking on par with humans <xref ref-type="bibr" rid="scirp.136925-37">
      [37]
     </xref>. However, neither A.G.L nor “Artificial Super Intelligence,” which is machine thinking superior to that of humans, are the intended primary targets of the AI Executive Order <xref ref-type="bibr" rid="scirp.136925-37">
      [37]
     </xref>.</p>
    <p>All these noted AI forms belong to the genus of machine learning <xref ref-type="bibr" rid="scirp.136925-37">
      [37]
     </xref>. “Machine learning programs use mathematical formulations to perform tasks and are coded to improve their ability to perform those tasks when given additional information” <xref ref-type="bibr" rid="scirp.136925-37">
      [37]
     </xref>. Machine learning has swiftly advanced and is pushing progress across industries <xref ref-type="bibr" rid="scirp.136925-37">
      [37]
     </xref>. However, present AI technology might not yet be ready for mass utilization and is still vulnerable to serious manipulation <xref ref-type="bibr" rid="scirp.136925-38">
      [38]
     </xref>. The Federal Trade Commission (FTC) has warned that AI is riddled with design flaws, contaminated with bias and discrimination, and incentivized by “commercial surveillance creep” <xref ref-type="bibr" rid="scirp.136925-39">
      [39]
     </xref>. Additionally, specific models, like ChatGPT, have been known to “hallucinate” or manufacture inaccurate facts. An AI hallucination has also created a sexual harassment scandal, sullying the reputation of an innocent law professor.</p>
    <p>Data profiling is becoming dependent on AI. Another type of data AI collects is biometrics, which concerns individuals’ physical or biological identifying characteristics <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. Clearview AI is a renowned aggregator of biometrics <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. Biometric data includes facial recognition, fingerprints, iris scans, and other data obtained by authentication methods <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. Clearview AI engages in web scraping against social network policies and often takes images <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. At least one government agency, U.S. Immigration and Customs Enforcement (ICE), has contracted with Clearview AI <xref ref-type="bibr" rid="scirp.136925-34">
      [34]
     </xref>. This implies that the government uses AI to hunt unauthorized individuals within the United States through their sensitive biometric data. This means a disproportionate impact on immigrant communities and a clear threat to privacy and civil liberties.</p>
    <p>Protecting privacy and civil liberties, whether from threat actors or the government, are priorities for the White House in regulating AI <xref ref-type="bibr" rid="scirp.136925-14">
      [14]
     </xref>. As President Biden cautions, “Artificial intelligence (A.I.) holds extraordinary potential for both promise and peril” <xref ref-type="bibr" rid="scirp.136925-14">
      [14]
     </xref>. Feasibly, AI can crack critical problems to beneficially create a “more prosperous, productive, innovative, and secure” world <xref ref-type="bibr" rid="scirp.136925-14">
      [14]
     </xref>. Possible risks from AI include “irresponsible use [which] could exacerbate societal harms” <xref ref-type="bibr" rid="scirp.136925-14">
      [14]
     </xref>. Law enforcement’s workaround to the search warrant requirement could be one such irresponsible use, directly impacting privacy rights. Accordingly, AI and its potential use in data profiling are whisking society into a new paradigm requiring human review and oversight to protect individual rights.</p>
   </sec>
  </sec><sec id="s3">
   <title>3. The Data Profiling Loophole to the Search Warrant Requirement of the Fourth Amendment</title>
   <p>Once upon a time, in the early 2000s, Americans were distraught at the idea that large data sets about individuals could be collected to predict behavior <xref ref-type="bibr" rid="scirp.136925-40">
     [40]
    </xref>. Americans were upset that their transactional, travel, and email histories would be aggregated by data brokers and sold in data profiles <xref ref-type="bibr" rid="scirp.136925-40">
     [40]
    </xref>. But today, data profiling is a commercial mainstay, creating informational sketches of individual consumers by stringing together their online activities <xref ref-type="bibr" rid="scirp.136925-41">
     [41]
    </xref>. Personal information collection has been an ever-present tradeoff for convenient and quick technological access.</p>
   <p>The data-broker loophole, however, should offend proponents of the Fourth Amendment. Police can avoid a search warrant analysis by purchasing select information from data brokers, who provide data profiles of consumers <xref ref-type="bibr" rid="scirp.136925-42">
     [42]
    </xref>. Meanwhile, the internet thrives on the commerce of data <xref ref-type="bibr" rid="scirp.136925-42">
     [42]
    </xref>. Consumers shed data daily, which naturally falls into third-party databases <xref ref-type="bibr" rid="scirp.136925-42">
     [42]
    </xref>. Police purchase this data in the hands of third parties, creating a “loophole” in search warrant analysis <xref ref-type="bibr" rid="scirp.136925-42">
     [42]
    </xref>. The data profiling loophole can be closed by Congress directly bundled with other legislation or tightened by judicial search warrant analysis controls.</p>
   <sec id="s3_1">
    <title>3.1. How the Loophole Came to Be: The Creation of a Gremlin</title>
    <p>As explained above, investigators have traditionally been required to obtain a search warrant to collect evidence when probable cause exists that a crime has been committed <xref ref-type="bibr" rid="scirp.136925-11">
      [11]
     </xref>. The Electronic Communications Privacy Act of 1986 forbids communication service providers from selling information directly to law enforcement for surveillance <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref> <xref ref-type="bibr" rid="scirp.136925-43">
      [43]
     </xref>. Law enforcement has been stepping around that illegality by purchasing the information from third-party resellers, known as data brokers <xref ref-type="bibr" rid="scirp.136925-44">
      [44]
     </xref>. Data brokers do not come under the definition of covered entities under the statute <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>. Because the information is bought—and not coerced or forced from the processor—investigators have operated on the assumption that they do not offend their legal obligations for warrants <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>.</p>
    <p>In 2018, in Carpenter v. United States, the Supreme Court examined the issue of whether a search warrant is required to obtain cell-site location information and whether an individual has a reasonable expectation of privacy when others get their cellphone location information <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. The Court held that an individual does have a reasonable expectation of privacy, even though the information lands in the hands of a third party <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. Despite Carpenter holding that a search warrant is required to obtain such information, the information has been deemed by law enforcement not to offend the opinion, which is dubious <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>.</p>
    <p>Surveillance capitalism should be reined in, as some like the Brennan Center for Justice have advocated <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>. Purchased profiles run the risk of racial and religious harm by law enforcement, such as tracking Muslims through prayer apps and following racial activists <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>. Additionally, abortion rights have been decimated, and some states may misuse available online reproductive health information to prosecute individuals seeking abortions <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>. These harms will increase with the proliferation of artificial intelligence, which will assist in collecting information and identifying individuals, whether by providing quicker results or a more thorough collection of data <xref ref-type="bibr" rid="scirp.136925-33">
      [33]
     </xref>. Personal data can show home or work locations, travel history, and associations <xref ref-type="bibr" rid="scirp.136925-45">
      [45]
     </xref>. The purchase of these intimate details can assist law enforcement in obtaining information that they could only obtain through dragnet operations or invasions of the home or phone, which require search warrants. Data profile purchases by law enforcement are conducted mischievously and without good faith because investigators know this is a legal loophole. The privacy rights of Americans are at risk if no action is taken. The search warrant loophole needs to be closed.</p>
   </sec>
   <sec id="s3_2">
    <title>3.2. The End Is Near for the Loophole</title>
    <p>Stopping the use of the data-profiling loophole will be challenging for legislators because the practice has become ingrained in the habits of law enforcement. As Senator Ron Wyden has warned, “If the government can buy its way around Fourth Amendment due process, there will be few meaningful limits on government surveillance” <xref ref-type="bibr" rid="scirp.136925-45">
      [45]
     </xref>. Limits could soon be imposed on data brokers by two bills on the hill if passed. Firstly, the Fourth Amendment is Not for Sale Act targets the data-broker loophole directly. Secondly, the other law is the American Privacy Rights Act, which could include the FIPs and limitations on data brokers, which have so far been outside legislation.</p>
    <p>A new legislative solution is on the horizon to directly stop the police purchase of online data. In April 2024, the U.S. House of Representatives passed the Fourth Amendment is Not for Sale Act (FAINSA). This bill directly targets the data-broker loophole, which is now in the hands of the U.S. Senate <xref ref-type="bibr" rid="scirp.136925-46">
      [46]
     </xref>. The Act prohibits the government from purchasing data of Americans from data brokers, effectively ending this drama if fully enacted <xref ref-type="bibr" rid="scirp.136925-46">
      [46]
     </xref>. Of course, the data-profiling loophole is a separate concern from the warrantless searches authorized by the Foreign Information Secrecy Act (FISA), which has also just received a vote and renewal by the House in a separate bill, which addresses obtaining data of foreigners abroad and extension of the secretive FISA court <xref ref-type="bibr" rid="scirp.136925-47">
      [47]
     </xref>. Conversely, the passage of FAINSA would close the loophole as it concerns Americans and domestic use by the government.</p>
    <p>President Biden opposes the FAINSA bill partly because it does not deal with the national security piece of sensitive information sold by data brokers to foreign adversaries <xref ref-type="bibr" rid="scirp.136925-48">
      [48]
     </xref>. President Biden also opposes the legislation because it too strictly prohibits the U.S. government from buying “commercially available information,” which is “subject to only narrow, unworkable exceptions” <xref ref-type="bibr" rid="scirp.136925-48">
      [48]
     </xref>. The President may have a valid point of contention: a blanket ban on the government may not be the ideal form of regulation. The government may have some interest and uses not intrinsically harmful in obtaining online information from data brokers. The FAINSA may be too overbroad. While closing the loophole is necessary for search warrants for the risks imposed on the average American, a thorough analysis of other alternatives may be beneficial to ensure that the proper safeguards are put in place to the right extent.</p>
    <p>As proxy wars fueled by the advancement of technology increase online, privacy rights will likely evolve alongside national security and artificial intelligence. The rules, however, cannot be stricter for foreign adversaries than domestic actors behind an official office desk. Congressional attention must be given to the potential harm to individual rights posed by foreign threat actors, unmitigated artificial intelligence, and commercial surveillance. Personal security should become a national priority. Thus, FAINSA should also be amended to include national security concerns in sensitive information. Nonetheless, FAINSA should be passed to protect privacy rights.</p>
    <p>As some scholars have noted, one of the best solutions to eliminating the search warrant loophole would be a national data privacy act on a broad level that encompasses this issue and more. Still, proposed legislation for an omnibus data privacy law like the GDPR has so far been a failure in Congress <xref ref-type="bibr" rid="scirp.136925-26">
      [26]
     </xref>. Nevertheless, a bipartisan bill, the American Privacy Rights Act (APRA) of 2024, gained traction in the current Congress <xref ref-type="bibr" rid="scirp.136925-15">
      [15]
     </xref> <xref ref-type="bibr" rid="scirp.136925-49">
      [49]
     </xref>. The APRA is designed to be a national data privacy rights bill, replacing and supplementing the collage of state and federal laws across sectors, with some exceptions <xref ref-type="bibr" rid="scirp.136925-15">
      [15]
     </xref> <xref ref-type="bibr" rid="scirp.136925-49">
      [49]
     </xref>. The APRA would permit Americans to universally withdraw consent from targeted advertising and empower Americans to “view, correct, export or delete their data and stop its transfer” <xref ref-type="bibr" rid="scirp.136925-49">
      [49]
     </xref>. The APRA, as written in May of 2024, would expressly preempt similar state laws <xref ref-type="bibr" rid="scirp.136925-15">
      [15]
     </xref>. In other words, Americans would be given complete control of their data <xref ref-type="bibr" rid="scirp.136925-49">
      [49]
     </xref>. Representative Cathy McMorris Rodgers promised the law would “establish privacy protections stronger than any state law on the books” <xref ref-type="bibr" rid="scirp.136925-49">
      [49]
     </xref>. APRA would also include a private right of civil action for a plaintiff to sue for harms incurred due to a data breach <xref ref-type="bibr" rid="scirp.136925-50">
      [50]
     </xref>. Should the APRA bill pass, citizen control of their data would be undeniable.</p>
    <p>Many people project that the dominance of artificial intelligence will soon be achieved <xref ref-type="bibr" rid="scirp.136925-51">
      [51]
     </xref>. In response, the government may need to enact legislation to protect civil liberties and civilization very soon. Advocates of APRA suggest that an extensive data privacy law can be enacted concurrently with a bill governing artificial intelligence this year <xref ref-type="bibr" rid="scirp.136925-51">
      [51]
     </xref>. As one such supporter commented, restricting the quantity of data available should be just as possible as restricting data on which to train AI <xref ref-type="bibr" rid="scirp.136925-51">
      [51]
     </xref>. Yet until a data privacy bill is enacted that directly targets the sale of information to and from data brokers, Congress may be more motivated to regulate the artificial intelligence industry as a steamier hot-button issue.</p>
    <p>The best approach could be to regulate data brokers and artificial intelligence to restrain the government’s behavior. Any future federal legislation addressing governmental use of artificial intelligence or data privacy could address this loophole by applying the FIPS. The collection limitation alone could stop the aggregation of extraneous data. Data brokers could be prevented from selling to anyone who is interested in the information outside of advertising as a purpose limitation, which could be tracked by AI.</p>
    <p>Some scholars recommend state and federal experiments in “legal regulatory sandboxes” <xref ref-type="bibr" rid="scirp.136925-52">
      [52]
     </xref>. These can be testing jurisdictions that help understand and apply new AI regulations in smaller batches.</p>
    <p>Another idea is creating a specialized AI and technology court where certified questions can be sent. Much like how appeals in patent cases are taken to the U.S. Court of Appeals for the Federal Circuit <xref ref-type="bibr" rid="scirp.136925-53">
      [53]
     </xref>, a court for AI questions and appeals would promote consistency and predictability in case law, particularly under the Fourth Amendment. Specialized knowledge of judges and the staff in their chambers could be helpful for efficiency and timeliness. To engage the potential of AI in federal courts, the foundation must be solid to ensure privacy and civil rights and to protect against discrimination for natural persons.</p>
    <p>Transparency will be essential to effectuate due process and to reduce discrimination by AI. Nevertheless, protecting individual rights must be a priority. AI could be used to monitor government collection of information, which could yield more credible evidence. Boundary management, including constitutional and statutory rights to privacy, will be a growing area of law as artificial intelligence progresses.</p>
   </sec>
  </sec><sec id="s4">
   <title>4. Recommendations For the Courts to Control the Government Use of Data Profiling to Search</title>
   <p>Absent legislation fixing the loophole, other approaches may cure some of the ills stemming from the data-broker loophole. After all, the danger to civil liberties arising from foreign adversaries targeting individuals by data profiling should apply equally to domestic government agencies under a search warrant analysis. Courts should update their analysis to a new era of data privacy rights. This might be done in two general ways: by tweaking the Katz test or creating a new standalone rule for when a search implicates information protected by a data privacy law. The best solution to patching data profiling under the Fourth Amendment is to look how other sectors have handled intrusive technology. Search warrant analysis does not need to reinvent the wheel on how to handle privacy.</p>
   <sec id="s4_1">
    <title>4.1. Tweaking the Katz Test’s Flawed Approach to Reasonableness in Online Data and Technology</title>
    <p>Some scholars and courts have critiqued the treatment of privacy under Fourth Amendment analysis after Katz, citing faults in two related areas: one, that privacy is deemed a “question of fact rather than a constitutional value,” and two, court interpretations are deemed “out of touch with society’s true expectations of privacy” <xref ref-type="bibr" rid="scirp.136925-54">
      [54]
     </xref>. Judicial guesswork about privacy and how society views privacy should not be a substitute for evidence and a prosecutor’s burden of proof. The courts have at least three options to treat these blemishes: removing society as a factor, compelling a factual burden of proof, or explicitly merging privacy laws into the society analysis.</p>
    <p>For starters, the courts could claw back the phrasing of “society would deem as reasonable” entirely and replace it with “objectively reasonable.” Conceivably, this is a looser test that is unconstrained by the issue of what society believes and puts more control in the judge’s hands to determine what is reasonable in an argument. With experience and wisdom, a judge may have better ideas and expectations of privacy as viewed by fiction than what society conjures up. Conversely, this puts objectivity in the judge’s hands and, likely, the judge’s subjective opinions. Moreover, the courts have entrusted this second prong to “society” for years and are unlikely to walk away from it.</p>
    <p>This is a key component of the problem with the reasonable expectations standard: society may not actually be a good measure. Past decisions imply that the objective prong is what the ideal society would deem reasonable, but there is no recourse if society is misinformed or uniformly unreasonable in rationale. As here, society writ large does not understand its privacy rights and what is given in exchange for a social media login.</p>
    <p>According to Pew Research, society has a cynical view about their privacy online <xref ref-type="bibr" rid="scirp.136925-55">
      [55]
     </xref>. Most Americans admit they do not understand what businesses do with their internet-generated data <xref ref-type="bibr" rid="scirp.136925-55">
      [55]
     </xref>. Many believe they have no control over their data and that their data will be sold without their consent <xref ref-type="bibr" rid="scirp.136925-55">
      [55]
     </xref>. Almost sixty percent of Americans do not bother to read privacy policies online <xref ref-type="bibr" rid="scirp.136925-55">
      [55]
     </xref>. Nearly seventy percent view privacy policies as obstacles to content <xref ref-type="bibr" rid="scirp.136925-55">
      [55]
     </xref>. One-third of white adults fear the theft of personal information or identity online, whereas almost half of Hispanic, black, or Asian adults express this anxiety <xref ref-type="bibr" rid="scirp.136925-55">
      [55]
     </xref>. Only fifteen percent of Americans are “apprehensive” about law enforcement monitoring their activities online, which drops down to ten percent for white people <xref ref-type="bibr" rid="scirp.136925-55">
      [55]
     </xref>.</p>
    <p>The Pew Research survey also targeted select points related to search warrant issues and law enforcement surveillance: older adults were far more permissive than younger adults in supporting criminal investigations into cell site location information (86% to 57%), forcing the turnover of private communications (61% to 45%), and breaking passcodes to smartphones (68% to 35%) <xref ref-type="bibr" rid="scirp.136925-55">
      [55]
     </xref>. However, these statistics do not accurately reflect all of society, nor are the views themselves informed and reasonable. While many Americans admit they do not know what is going on with their data online and they might approve even unlawful conduct by police investigators, these stats reflect that society might not even understand their rights. These stats also need more context.</p>
    <p>For instance, under the decision in Carpenter, law enforcement would require a warrant for compelling cell-site location information (CSLI) from a third party <xref ref-type="bibr" rid="scirp.136925-20">
      [20]
     </xref>. Did the poll respondents know their Fourth Amendment rights? If confronted with information on what is permissible, would their answers have changed? Of course, most Americans are unlikely to be well-versed in the nuances and perimeters of criminal procedure. The unseen actions of the internet blind society and unaware that not all access to their data is permissible according to the courts. This is why it is so curious that the specter of society is anointed with so much power under the Fourth Amendment. Add in another variable of the internet, wherein Americans admittedly do not fully understand their rights, and the supposition lifts to the surface that society cannot be a cognizant and adequate decision-maker.</p>
    <p>Further, many Americans and even respected jurists like Judge Posner have expressed nonchalance about exposing their data online <xref ref-type="bibr" rid="scirp.136925-56">
      [56]
     </xref>. However, this attitude underestimates unguarded data’s personal and commercial risks, like identity theft, harassment, and social engineering <xref ref-type="bibr" rid="scirp.136925-57">
      [57]
     </xref>. Returning to President Biden’s Executive Order, if the federal government soon recognizes the risk of data misuse by spies <xref ref-type="bibr" rid="scirp.136925-2">
      [2]
     </xref>, indeed, that view should override not only the straw-man’s perspective but also the actual general public’s understanding of data privacy risks when data profiles are sold online. The Fourth Amendment cannot be blind to privacy findings in other contexts. Therefore, courts should rethink society’s preparation and acceptance of reasonableness in light of documented risks that flow from data.</p>
    <p>Alternatively, the courts could fully submit to society’s beliefs, changing the Katz standard to an issue of provable fact. But it should be by more than just survey evidence. A prosecutor would have to establish reasonableness in the eyes of society with valid and comprehensive evidence. Comparably, trademark law requires proof in the general public’s perception of an essential element called “secondary meaning.” Secondary meaning refers to marks that are not inherently distinctive and have developed as a source-identifier in the public’s mind over time <xref ref-type="bibr" rid="scirp.136925-58">
      [58]
     </xref>. Courts look at objective surveys as one of five supportable factors to prove what the public thinks <xref ref-type="bibr" rid="scirp.136925-58">
      [58]
     </xref>. Other factors measure quantity and quality of the public’s understandings from other evidence <xref ref-type="bibr" rid="scirp.136925-58">
      [58]
     </xref>.</p>
    <p>Applied to the search warrant requirement of willingness by society to view subjective expectations as reasonable, not many reasons come to mind to excuse the lack of evidence of what is becoming a triable issue of fact. When Katz was decided in 1967, accessible and practical technology likely did not exist to quantify public opinion. But nowadays, in 2024, prosecution teams must be keen to use technology in some capacity to streamline their tasks, and quantifying opinion is within the pale of government capability. How aware society is of an issue and their attitudes towards it are far more measurable than not in the digital era.</p>
    <p>However, this approach would likely bog down dockets and be impracticable if every search warrant suppression hearing required increased evidentiary burdens. Even further, unless a counterweight was specifically incorporated as well, the concern that the public was uninformed and unreasonable would not be ameliorated. Nevertheless, factual determinations bleeding into search warrant analysis will become even more problematic in the future.</p>
    <p>As a subset of the search warrant analysis, the Kyllo holding offers a refinement of the Katz standard, particularly in terms of technology as investigative equipment <xref ref-type="bibr" rid="scirp.136925-13">
      [13]
     </xref>. This measure is more recent and not effusively litigated yet, but courts risk dangerous precedent from an overbroad reading of “technology” and “general use” under the supplemental Kyllo standard <xref ref-type="bibr" rid="scirp.136925-13">
      [13]
     </xref>. For example, an iPhone is “ubiquitous” and widely used today by the general public. Yet, all potential uses of an iPhone as a smart device cannot fall under Kyllo’s intent. Indeed, they do not: the implied logic of the holding of Jardines and the express text of Justice Kagan’s concurrence in Jardines assured that not all uses fall under the Kyllo standard but the particular “use” at issue <xref ref-type="bibr" rid="scirp.136925-18">
      [18]
     </xref>. But which uses do?</p>
    <p>Some courts have already decided whether using an iPhone is acceptable as a non-search, finding on threadbare evidence that using an iPhone to see through the tinted glass of an automobile was in general use and, therefore, not an impermissible search <xref ref-type="bibr" rid="scirp.136925-59">
      [59]
     </xref>. To reach this conclusion, the court pointed to online articles that foretold thieves knew of the use to break into cars <xref ref-type="bibr" rid="scirp.136925-59">
      [59]
     </xref>. Should that be enough? Are thieves and reports about thieves sufficiently representative of the public? Likely, the Fourth Amendment did not intend illegality and threat actors to form the basis of governmental control and check on law enforcement. Whether a threat actor’s behavior and abilities constitute general use could be a future issue to be decided by the Supreme Court.</p>
    <p>Indubitably, the “general use” of technology under the Kyllo test will require clarity by future courts. How much the general public knows about how a device is used can likely be demonstrated through statistical analysis, such as survey evidence, which can illuminate the knowledge of the use, the length, and manner of a user’s existence in the public sphere, as well as the geographic and demographic composition of the public’s awareness. Other sources of proof, such as the volume of view counts on public channels, can show actual instances of knowledge of the use at issue. Moreover, technology can address society’s actual beliefs in multiple ways.</p>
    <p>Whether a “use” is within the general public’s understanding should be viewed as a matter of fact to be proven by the state. However, it is doubtful that courts intended search warrant jurisprudence to devolve into trials. Nevertheless, search analyses under Katz and Kyllo bend like pretzels, advancing arguments into the Fourth Amendment, which resemble calls for factual determinations. American courts are likely not equipped to speculate on the idiosyncrasies of all technology or devices and their perceptions fixed within the general public. Society is neither decipherable without evidence, singular in belief, nor necessarily well-informed. Future courts should reconsider the old tests and implement a new baseline to determine factual reasonableness as society and technology update.</p>
    <p>Other scholars have advocated using Justice Brandeis’ dissenting opinion in Olmstead as a baseline for privacy concerns in the face of developing technology, bringing privacy back to its roots <xref ref-type="bibr" rid="scirp.136925-60">
      [60]
     </xref>. After all, informational privacy governance in the private sector and search warrant rights in the criminal realm shared a doctrinal father in Justice Brandeis. Justice Brandeis once wrote, “Decency, security, and liberty alike demand that government officials shall be subjected to the same rules of conduct that are commands to the citizen” <xref ref-type="bibr" rid="scirp.136925-10">
      [10]
     </xref>. Criminal law, then, should be consistent with civil law on privacy. This can be extrapolated to the premise that if a data privacy law commands that certain information be kept private, law enforcement must obtain a warrant.</p>
    <p>Because modern data privacy laws incorporate already vetted concepts and controls, the society-as-built-into-the-law approach could be an adequate gloss to the Katz test. While this may be a patronizing view of society as incapable of neutral and knowledgeable opinions, it still involves reasonableness and adds direction from practices established in the civil sector. Indeed, those who assemble data privacy laws are likely more informed about informational concerns than the general public. Moreover, privacy laws can support a subjective expectation of reasonableness as well. Most importantly, expectations grounded in other laws can support search warrant analysis. Noted in Rakas v. Illinois, property law already serves this purpose:</p>
    <p>Legitimation of expectations of privacy by law must have a source outside of the Fourth Amendment, either by reference to concepts of real or personal property law or to understandings that are recognized and permitted by society. One of the main rights attaching to property is the right to exclude others, see W. Blackstone, Commentaries, Book 2, ch. 1, and one who owns or lawfully possesses or controls property will in all likelihood have a legitimate expectation of privacy by virtue of this right to exclude. Expectations of privacy protected by the Fourth Amendment, of course, need not be based on a common-law interest in real or personal property or on the invasion of such an interest <xref ref-type="bibr" rid="scirp.136925-61">
      [61]
     </xref>.</p>
    <p>Data privacy laws reflect society’s values, and the Fourth Amendment should acknowledge that. These laws also reflect academics, practitioners, and legislators who have intense interests and appetites in ensuring privacy generally. In that light, the courts can step back from emphasizing the “objective” prong of Katz as related to society and look more at what the law of data privacy says privacy is, particularly across subdomains of different laws that touch on technology. After all, many privacy laws have come into existence since Katz was decided in 1967, i.e., the Privacy Act of 1974, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach Bliley Act (GLBA), Telephone Consumer Protection Act (TCPA), and the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), et al. <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. Indeed, many of these laws rendered deliberate considerations on technology and informational privacy. Some of these acts concern health, financial, and communication information, governing both hardcopy and internet forms of personal information. Several of these acts give specific rights to individuals regarding their personal information, such as notice, access, and consent <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. Only the CCPA grants the right to delete, otherwise known as erasure <xref ref-type="bibr" rid="scirp.136925-62">
      [62]
     </xref>. Some laws provide private rights of action in case of data breach and misuse <xref ref-type="bibr" rid="scirp.136925-5">
      [5]
     </xref>. Data privacy rights embedded in these enactments offer individuals control of their data in the hands of third parties.</p>
    <p>Setting the standard to reflect a search that occurs when a trespass on protected data is not an illogical leap. After all, both the Fourth Amendment and data privacy fixate on privacy and share a logical father. Considering that many data breach laws exist, alongside authorizations for enforcement actions bearing penalties and provisions providing private rights of action, Americans do have some expectations that their data will remain secure and out of the hands of illicit actors and malicious misuse. Imaginably, an approach enveloping data privacy laws would be fairer to a defendant than an uninformed and unreasonable society, whose existence and opinion are a matter of conjecture. Law enforcement efforts would also be supported because generally publicly available information that is affirmatively and voluntarily shared by an individual would still be fair game and consistent with data privacy laws. Additionally, tethering a search to information protected under data privacy would draw a bright line.</p>
    <p>The courts should adopt a new test, the personally identifiable information (PII) per se rule. Courts should declare that a search occurs when an officer obtains information protected from disclosure by privacy laws and the data is not otherwise publicly available. The query then must turn to which data sets are protected and by which laws.</p>
    <p>Yet, absent an omnibus federal law, many data laws are currently inconsistent in their definitions of protected data. Sensitive data is often acknowledged as requiring additional layers of protection, but sensitive data is not universally defined. For example, some statutes include biometric or genetic information as personally identifiable information (PII). In contrast, many others do not, and this is largely a function of outgrowth as the statutes have not caught up to the concepts as technology rages on.</p>
    <p>To compensate for the uneven landscape in the realm of data privacy, the best practices have been to observe the broadest understanding to mitigate risk flowing from data and compliance liability. In other words, the strictest law demands the most attention and receives the most respect. But suppose a universally accepted definition of protected personal information were to be enacted in a federal privacy law, such as APRA, as discussed earlier. In that case, a court should have no problem accepting congressional findings that this information is as worthy a basis, much like property law.</p>
    <p>This test could stand alone, as Katz protects intangible and transient privacy and does not displace property-based interest analysis <xref ref-type="bibr" rid="scirp.136925-18">
      [18]
     </xref>. After all, the Fourth Amendment protects people, not places <xref ref-type="bibr" rid="scirp.136925-11">
      [11]
     </xref>. The Fourth Amendment, however, does not say how and in which way it protects people, beyond their persons, houses, papers, and effects, from unreasonable searches and seizures. Data should be protected as “papers” within the understanding of the Constitution since so much information has moved online, and the digital world has replaced the physical copy. Using the FIPs and laws like the CCPA as guidelines for a judicial test could be the answer to data collection limitations, ensuring data is not misused by overbroad police investigations and securing data of individual Americans. These privacy practices likely will be added to any omnibus data privacy law. Including consideration of the FIPs in search warrant analysis makes sense.</p>
    <p>Furthermore, including data privacy laws in the search warrant analysis is consistent with the “legitimation” principles mentioned in Rakas, as quoted above. Because property law provides a basis to determine when a search occurs chiefly due the right to exclude others from that property, then an individual with the right to control their data, including the right to prevent others from using or selling it, should enjoy that same respect from the Fourth Amendment.</p>
    <p>Notably, it is the existence of the property right to exclude and not whether an individual did in fact tell any police officer to stay out of his house that makes an intrusion upon the home and its immediate surrounding areas per se unreasonable. Unconsented entry is presumed to be offensive. Unconsented secondary handling of data should also be assumed to be offensive. Individuals can control their data under some privacy laws; therefore, Americans have the right to exclude others from obtaining their data under those laws. The Fourth Amendment should see the existence of control in data privacy rights as analogous to the existence of property rights. If the American Privacy Rights Act or its equivalent is ever enacted to give Americans complete control of their data, this view should strengthen.</p>
    <p>On the other hand, a flaw might be the treatment of consent. Consent to disclose data is provided under murkier waters than consent to entry in property law. Because Americans do not see the invisible intrusions to intangible data, because they may not understand to what they are consenting, and because there is no guarantee that the party provided the data is complying with any limitations on that consent absent strict regulations, consent should not be the basis for which to determine if a search occurs.</p>
    <p>Nevertheless, the PII per se rule could provide an easy guideline for determining a bright line. As favored by Justice Scalia, bright lines in criminal procedure are helpful for law enforcement and courts alike <xref ref-type="bibr" rid="scirp.136925-13">
      [13]
     </xref>. Under a PII per se rule, privacy expectations would be presumed, as would reasonableness. The burden of proof would then shift to the government as a rebuttable presumption to show that the information was obtained lawfully within compliance with data privacy laws. This showing could then require the government to prove they received the information in good faith, whether commercially or publicly available. Yet, whether such a PII per se rule would only apply to online informational privacy may be a matter of debate because some data privacy laws also include physical recordings of stored information.</p>
    <p>
     <xref ref-type="bibr" rid="scirp.136925-"></xref>Likely, there will be many more quirks to iron out with search warrant analysis. While the courts can refine search warrant practice through the judicial process, a decision by the Supreme Court to change the standard nationally may take several, if not many, years. Nevertheless, it is time for courts to observe the expectations preserved in data privacy laws corresponding to the same principles entrenched in the Fourth Amendment. After all, Justice Brandeis promoted privacy in both the civil and the criminal realms during his lifetime. The genesis of privacy springs from one source, and the courts should treat data privacy laws as an equal, if not superior, source for Fourth Amendment “legitimation” over property law. Once data privacy is entrenched in the federal code, a PII per se rule could be a much better measure for search warrants for future generations.</p>
   </sec>
  </sec><sec id="s5">
   <title>5. Conclusion</title>
   <p>Modern search warrant requirements may be devolving in utility. While criminal law may be particularly behind in adaptation to technology, many aspects of technology have already been vetted in the private sector. While the average American may need to better assess cybersecurity and data privacy risks, professionals assembled these laws about privacy concerns. Easy access to personal information puts individuals at risk from threat actors abroad and the government. Personal identity can serve as a source of vulnerability for Americans. Currently, that vulnerability is manifesting in the data-broker loophole. If Congress does not enact the Fourth Amendment is Not for Sale Act, it must do more to protect American civil liberties. Should Congress disappoint, the courts need to fine-tune the search warrant analysis to accommodate those failings. The courts may need to adjust their standards regardless. The current test for whether a search has occurred has already grown tired and worn. As technology advances, so must the law.</p>
  </sec>
 </body><back>
  <ref-list>
   <title>References</title>
   <ref id="scirp.136925-ref1">
    <label>1</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     IBM. What Is Data Profiling? &gt;https://www.ibm.com/topics/data-profiling
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref2">
    <label>2</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern, Exec. Order No. 14117, 89 Fed. Reg. 15429, 15421-22, 15428-29 (Mar. 1, 2024). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref3">
    <label>3</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Rahnama, H. and Pentland, A.S. (2022) The New Rules of Data Privacy. Harvard Business Review. &gt;https://hbr.org/2022/02/the-new-rules-of-data-privacy
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref4">
    <label>4</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Cohen, J.E. (2013) What Privacy Is for. Harvard Law Review, 126, 1904-1905.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref5">
    <label>5</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Swire, P. and Kennedy-Mayo, D. (2020) U.S. Private-Sector Privacy: Law and Practice for Information Privacy Professionals. International Association of Privacy Professionals, 3, 2, 219, 21, 43, 391, 398-402, 147, 42-44, 4-7, 177-178. 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref6">
    <label>6</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Griswold v. Connecticut, 381 US 479, 484 (1965). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref7">
    <label>7</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     The Fourth Amendment Protects Individuals from Unreasonable Searches and Seizures. U.S. Const. Amend. IV. 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref8">
    <label>8</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Warren, S.D. and Brandeis, L.D. (1890) The Right to Privacy. Harvard Law Review, 4, 193-220. &gt;https://doi.org/10.2307/1321160
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref9">
    <label>9</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Prosser, W.L. (1960) Privacy. California Law Review, 48, 383-423. &gt;https://doi.org/10.2307/3478805
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref10">
    <label>10</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Olmstead v. United States, 277 U.S. 438, 478, 485 (1928) (Brandeis, J., Dissenting). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref11">
    <label>11</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Katz v. United States, 389 U.S. 347, 351 (1967). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref12">
    <label>12</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Payton v. New York, 445 U.S. 573, 586-90 (1980). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref13">
    <label>13</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kyllo v. United States, 533 U.S. 27, 33, 40 (2001). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref14">
    <label>14</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, Exec. Order No. 14110, 88 Fed. Reg. 75191, 75193 (Quoting 15 U.S.C. § 9401(3)), 75191-93, 75196 (Oct. 30, 2023). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref15">
    <label>15</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Congressional Research Service (2024) The American Privacy Rights Act. CRS Re-ports. &gt;https://crsreports.congress.gov/product/pdf/LSB/LSB11161
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref16">
    <label>16</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     CPPA Applauds Governor Newsom for Approving the California Delete Act (2023) California Privacy Protection Agency. &gt;https://cppa.ca.gov/announcements/2023/20231011.html
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref17">
    <label>17</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Blueprint for A.I. Bill of Rights: Making Automated Systems Work for the American People. The White House. &gt;https://www.whitehouse.gov/ostp/ai-bill-of-rights/ 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref18">
    <label>18</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Florida v. Jardines, 569 U.S. 1, 5, 6-7, 11 (2013); Id. at 12 (Kagan, J., Concurring). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref19">
    <label>19</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     United States v. Jones, 565 U.S. 400, 409-14 (2012). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref20">
    <label>20</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Carpenter v. United States, 585 U.S. 296, 311 (2018). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref21">
    <label>21</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Smith v. Maryland, 442 U.S. 735 (1979). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref22">
    <label>22</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     United States v. Knotts, 460 U.S. 276 (1983). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref23">
    <label>23</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     People v. Camacho, 3 P.3d 878, 885 (Cal. 2000).
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref24">
    <label>24</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Wong Sun v. United States, 371 U.S. 471, 488 (1963).
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref25">
    <label>25</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     United States v. Leon, 468 U.S. 897, 906 (1984).
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref26">
    <label>26</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Reid, C. (2024) The Fourth Amendment Covers “Fog Reveal”: Not the Other Way Around. Wake Forest Journal of Law and Policy, 14, 127, 128, 142.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref27">
    <label>27</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Doktor, M. (2020) Facial Recognition and the Fourth Amendment in the Wake of Carpenter v. United States. University of Cincinnati Law Review, 89, 552, 555.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref28">
    <label>28</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Berger, D.D. (2011) Balancing Consumer Privacy with Behavioral Targeting. Santa Clara Computer and High Technology Law Journal, 27, 3, 6-7.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref29">
    <label>29</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Stemler, A. (2022) Privacy&amp;Antitrust Reform: How to Avoid the Starfish Problem. Notre Dame Law Review Reflection, 97, 417-429.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref30">
    <label>30</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Rodis, A. (2020) Fitbit Data and the Fourth Amendment: Why the Collection of Data from a Fitbit Constitutes a Search and Should Require a Warrant in Light of Carpenter v. United States. William and Mary Bill of Rights Journal, 29, 533, 551.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref31">
    <label>31</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Thompson, S. and Warzel, C. (2019) Twelve Million Phones, One Dataset, Zero Privacy. The New York Times. &gt;https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref32">
    <label>32</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Joh, E.E. (2014) Policing by Numbers: Big Data and the Fourth Amendment. Washington Law Review, 89, 35-68.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref33">
    <label>33</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Ayoub E. and Goitein, E. (2024) Closing the Data Broker Loophole: Congress Must Pass Legislation That Prohibits Government Agencies from Buying Its Way around the Fourth Amendment and Other Legal Privacy Protections. Brennan Center for Justice. &gt;https://www.brennancenter.org/our-work/research-reports/closing-data-broker-loophole
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref34">
    <label>34</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Shenkman, C., Franklin, S.B., Nojeim, G. and Thakur, D. (2021) Legal Loopholes and Data for Dollars: How Law Enforcement and Intelligence Agencies Are Buying Your Data from Brokers. Center for Democracy and Technology, 23, 24, 11, 34.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref35">
    <label>35</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Surden, H. (2014) Machine Learning and Law. Washington Law Review, 89, 87.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref36">
    <label>36</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Heilweil, R. (2023) What Is Generative AI, and Why Is It Suddenly Everywhere. Vox. &gt;https://www.vox.com/recode/2023/1/5/23539055/generative-ai-chatgpt-stable-diffusion-lensa-dall-e
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref37">
    <label>37</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Wang, M. (2023) Use of Artificial Intelligence (AI) in the Field of Law. Arizona Law Journal of Emerging Technologies, 6, 1, 4-5.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref38">
    <label>38</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Stokel-Walker, C. (2023) Jailbroken AI Chatbots Can Jailbreak Other Chatbots: AI Chatbots Can Convince Other Chatbots to Instruct Users How to Build Bombs and Cook Meth. Scientific American. &gt;https://www.scientificamerican.com/article/jailbroken-ai-chatbots-can-jailbreak-other-chatbots/
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref39">
    <label>39</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Federal Trade Commission (2022) FTC Report Warns about Using Artificial Intelligence to Combat Online Problems: Agency Concerned with AI Harms Such as Inaccuracy, Bias, Discrimination, and Commercial Surveillance Creep. Federal Trade Commission. &gt;https://www.ftc.gov/news-events/news/press-releases/2022/06/ftc-report-warns-about-using-artificial-intelligence-combat-online-problems
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref40">
    <label>40</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     McClurg, A.J. (2003) A Thousand Words Are Worth a Picture: A Privacy Tort Response to Consumer Data Profiling. Northwestern University Law Review, 98, 63-144.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref41">
    <label>41</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kuempel, A. (2016) The Invisible Middlemen: A Critique and Call for Reform of the Data Broker Industry. Northwestern Journal of International Law and Business, 36, 207-234.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref42">
    <label>42</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Clifton, A. (2022) Privacy, Network Effects, and Law Enforcement: The Gap between Technology and the Law. Seattle Journal for Social Justice, 21, 213, 217, 218, 220-221.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref43">
    <label>43</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     The Electronic Communications Right Act, 15 U.S.C. § 9401(3).
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref44">
    <label>44</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Guariglia, M. (2024) Fourth Amendment Is Not for Sale Act Passed the House, Now It Should Pass the Senate. Electronic Frontier Foundation. &gt;https://www.eff.org/deeplinks/2024/04/fourth-amendment-not-sale-act-passed-house-now-it-should-pass-senate
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref45">
    <label>45</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Gallagher, R. (2023) Legal Loopholes Help US Spies Buy Americans’ Personal Data: Such Information Can Be Used for an Array of Purposes, a Key Report Has Found. Bloomberg. &gt;https://www.bloomberg.com/news/newsletters/2023-06-21/legal-loopholes-help-us-spies-buy-americans-personal-data
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref46">
    <label>46</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Schilke, R. (2024) House Ends FISA Saga with Passage of Fourth Amendment Is Not for Sale Act. Washington Examiner. &gt;https://www.washingtonexaminer.com/news/house/2969992/house-fisa-saga-passage-fourth-amendment-not-for-sale-act/
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref47">
    <label>47</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Savage, C. and Broadwater, L. (2024) House Passes 2-Year Surveillance Law Extension without Warrant Requirement. The New York Times. &gt;https://www.nytimes.com/2024/04/12/us/politics/surveillance-bill-fisa.html
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref48">
    <label>48</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Executive Office of the President (2024, April 16) Statement of Administration Policy, H.R. 4639—Fourth Amendment Is Not for Sale Act (Rep. Davidson, R-OH, and Seven Cosponsors). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref49">
    <label>49</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     House Energy and Commerce Committee (2024) Spokesman Review: Cantwell, Rodgers Strike Bipartisan Deal on Landmark Data Privacy Bill. House Energy and Commerce Committee. &gt;https://energycommerce.house.gov/posts/spokesman-review-cantwell-rodgers-strike-bipartisan-deal-on-landmark-data-privacy-bill
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref50">
    <label>50</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Smith, O.D. (2024) Cantwell, McMorris Rodgers Strike Bipartisan Deal on Land-Mark Data Privacy Bill. The Spokesman Review. &gt;https://www.spokesman.com/stories/2024/apr/07/cantwell-mcmorris-rodgers-strike-bipartisan-deal-o/
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref51">
    <label>51</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Anderson, J. and Rainie, L. (2018) Artificial Intelligence and the Future of Humans. Pew Research Center. &gt;https://www.pewresearch.org/internet/2018/12/10/artificial-intelligence-and-the-future-of-humans/
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref52">
    <label>52</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Simshaw, D. (2023) Toward National Regulation of Legal Technology: A Path For-ward for Access to Justice. Fordham Law Review, 92, 1, 7.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref53">
    <label>53</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     United States Courts (2020) Just the Facts: Intellectual Property Cases-Patent, Copyright, and Trademark. United States Courts. &gt;https://www.uscourts.gov/news/2020/02/13/just-facts-intellectual-property-cases-patent-copyright-and-trademark
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref54">
    <label>54</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     McKelvey v. State, 474 P.3d 16, 27 (Alaska Ct. App. 2020) (Quoting 1 Wayne R. Lafave, (2012) Search and Seizure, § 2.3(g), at 799-800). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref55">
    <label>55</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     McClain, C., Faverio, M., Anderson, M. and Park, E. (2023) How Americans View Data Privacy: The Role of Technology Companies, AI and Regulation—Plus Per-sonal Experiences with Data Breaches, Passwords, Cybersecurity and Privacy Policies. Pew Research Center. &gt;https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref56">
    <label>56</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Lin, W.C. (2016) Where Are Your Papers: The Fourth Amendment, the Stored Communications Act, the Third-Party Doctrine, the Cloud and Encryption. DePaul Law Review, 65, 1093, 1135-1136.
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref57">
    <label>57</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Opderbeck, D.W. (2022) Cybersecurity and Data Breach Harms: Theory and Reality. Maryland Law Review, 82, 1001. &gt;https://doi.org/10.2139/ssrn.4187263
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref58">
    <label>58</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Security Center, Ltd. v. First National Security Centers, 750 F.2d 1295, 1298-1301 (5th Cir. 1985). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref59">
    <label>59</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     United States v. Poller, No. 3:22-CR-165 (JAM), 2023 WL 4535338, at *5 (D. Conn. July 14, 2023). 
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref60">
    <label>60</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Kerr, O.S. (2004) The Fourth Amendment and New Technologies: Constitutional Myths and the Case for Caution. Michigan Law Review, 102, 801-888. &gt;https://doi.org/10.2307/4141982
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref61">
    <label>61</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Rakas v. Illinois, 439 U.S. 128, 143 n. 12 (1978).
    </mixed-citation>
   </ref>
   <ref id="scirp.136925-ref62">
    <label>62</label>
    <mixed-citation publication-type="other" xlink:type="simple">
     Lyon, C. and Myers, J. (2023) California’s Delete Act Could Be Next Frontier beyond CCPA. Bloomberg Law News. &gt;https://news.bloomberglaw.com/us-law-week/californias-delete-act-could-be-next-frontier-beyond-ccpa
    </mixed-citation>
   </ref>
  </ref-list>
 </back>
</article>