PHOENIX — Arizonans have no constitutional right to online privacy to keep police from demanding information about them from internet providers without first getting a warrant, the Arizona Supreme Court ruled Monday.
In what appears to be the first ruling of its kind in the state, the court said internet users have no “reasonable expectation of privacy” that the information they furnish about themselves to their internet providers will be kept secret. That specifically includes who they are and their home address.
That means police and government agencies are free to obtain that information — the gateway to finding out exactly who is posting material — without a search warrant, the court said.
Monday’s 4-3 ruling drew a stinging dissent from Justice Clint Bolick.
He acknowledged there are a series of federal court rulings that say such information is not protected by the Fourth Amendment, which protects individuals from unreasonable searches.
But Bolick pointed out the Arizona Constitution has its own specific provision that says “no person shall be disturbed in his private affairs, or his home invaded, without authority of law.” That’s crucial, he said, because there is no similar protection in the federal Constitution.
“Where the (state) Constitution’s framers made deliberate effort to distinguish our state constitutional protections from the narrower confines of the federal constitution, our failure to credit and enforce our constitution’s language and intent inevitably means that those protections will not have their intended effect,” Bolick wrote.
This case involves what essentially amounts to a “sting” operation in which a Tucson police detective investigating child exploitation placed an ad on an internet advertising forum, inviting those interested in child pornography and incest to contact him. According to court records, William Mixton responded, sending images of child pornography.
The detective then got federal agents to issue an administrative subpoena to obtain Mixton’s Internet Protocol address, essentially a number assigned to users connected to the internet so that no two are the same. Those numbers can be either static or random.
With the IP address, the detective was able to identify Mixton’s internet provider, which in turn led to his street address. At that point, with a search warrant, police seized computers with images of child pornography.
Mixton was found guilty of 20 counts of sexual exploitation of a minor younger than 15 and sentenced to 17 years in prison on each, terms to be served consecutively.
He argued that the police never should have been able to get his IP address in the first place without an actual warrant signed by a judge who had reviewed whether there was probable cause to issue it.
Justice John Lopez, writing for himself and three other judges, said he does not interpret the Arizona constitutional provisions so broadly.
First, he said, internet users voluntarily provide their information and IP addresses to third-party internet service providers and servers. And Lopez said that information does not reveal the substance or content of any communications, comparing it to the return address on an envelope.
That argument held no water for Bolick, joined in dissent by Chief Justice Robert Brutinel and Vice Chief Justice Ann Scott Timmer.
He said people entrust private information to outsiders every day, like when they use credit cards, provide a Social Security number or even mail a saliva sample to a genetics laboratory.
“People often do reasonably expect that information they entrust to third parties, especially information subject to confidentiality agreements, will be kept private,” Bolick wrote.
Lopez said making that argument about internet privacy ignores that it really is an illusion and that people who access the web through providers are aware that their activities are hardly anonymous.
“Indeed, the websites themselves are public, and are locatable through public search engines,” he wrote. “Moreover, third parties often engage in pervasive and prolific derivative disclosure and sharing of users’ online activity.”
For example, Lopez said, online advertising networks track where users visit to create customized ads for them.
“In fact, third-party advertisement networks often share browsing information from multiple websites to build profiles on users,” Lopez said.
And he said website operators also collect data, doing things like “browsing fingerprinting” to gather what he called “innocuous bits of information” like a browser’s version number, plug-ins, operating system and language.
“Our ubiquitous and pervasive internet use that is internet-connected, cloud-dependent, and app-reliant for personal communications, all manner of commercial transactions, and universal positional tracking makes it hard to believe that anyone still retains this largely antiquated notion of anonymity in their internet use,” Lopez said.