From prisons to banks, the mass recording and collection of voices has become increasingly common. This practice can be useful—voiceprint technology (also known as voice recognition technology) helps banks and prisons verify the identity of a caller and prevent fraud. But, used for other purposes, this technology can reveal a considerable amount of personal information about the speaker and those they associate with. To address these privacy concerns, voiceprint technology should be subject to a new Fourth Amendment framework that treats each query of a voice database to verify an individual’s identity – a voiceprint verification – as a unique “search.” Drawing on the Supreme Court’s recent technology-related decisions and the insights of Fourth Amendment experts, we articulate the rationale for and specifics of this framework below.
Voiceprint technology works by first securing an initial recording of a known individual. For example, a prison may ask an incarcerated individual to provide a sample voice recording; a bank may record a client once the client goes through an alternate verification process. The technology then analyzes hundreds of components of that user’s voice and creates a voiceprint, which is stored in a database and associated with that individual. When subsequent calls are made, the technology creates a new voiceprint and compares that to the known voiceprint to confirm the caller’s identity. This matching process parallels that of other biometric verification processes such as DNA and fingerprint matching.
While voiceprint technology is a reliable method of identity verification, it has many other potential applications, some of them troubling. One technology company reportedly offers the investigative capability to search prison phone records for those featuring particular parties. This capability is not restricted to known users and can implicate the privacy rights of individuals who are captured speaking to users—for example, family members of incarcerated individuals. The company has stated that the technology is a “powerful new tool to uncover gang-related and other high-interest telephone calls.” While these particular uses are probably acceptable in prison as a legal matter, where inmates have a lower expectation of privacy, using voiceprint technology in other settings poses considerable privacy risks. If voice recognition technology were combined with speech recognition technology (which identifies the content of a conversation), a shocking amount of personal information could be revealed.
Biometric Searches Under Maryland v. King
Government collection of voiceprint data, either directly in prisons or indirectly from banks or other companies, calls to mind Maryland v. King, the 2013 Supreme Court decision that considered the Fourth Amendment implications of DNA collection and matching. In that case, law enforcement obtained Alonzo King’s DNA from a cheek swab following arrest, allegedly for the purposes of identification. This DNA was used to create a DNA profile, which was stored in Maryland’s DNA database and later run against the FBI’s DNA database, Combined DNA Index System (“CODIS”). CODIS contains DNA profiles from convicts and arrestees (which can be used to identify an individual), as well as forensic evidence secured from a crime scene (which can be used to identify a suspect for a particular crime). Law enforcement ran King’s DNA against both types of CODIS profiles, which revealed a match between King’s DNA and forensic evidence secured from a 2003 rape. Maryland charged King with rape and King, in turn, challenged the cheek swab as an unlawful search under the Fourth Amendment.
The Fourth Amendment protects individuals from unreasonable government searches. A “search” occurs when the government intrudes upon an individual’s subjective expectation of privacy that is deemed reasonable by society. For a “search” to be lawful, the Fourth Amendment typically requires law enforcement to show probable cause and obtain a warrant. However, in certain instances, special law enforcement needs may diminish an otherwise reasonable expectation of privacy. In these instances, courts drop the probable cause and warrant requirements and instead balance the individual’s privacy interests against legitimate governmental interests to determine whether the search was reasonable. For example, in Samson v. California, the Supreme Court upheld the practice of suspicionless searches of parolees on the street, finding that parolees have a low expectation of privacy that is outweighed by the government’s interest in protecting society from future crime.
Applying this balancing test, the Court in King found the “search” of King’s DNA to be lawful. The Court balanced the government’s need to process and identify the individuals it takes into custody against the diminished privacy interests of an individual who was in police custody for a serious offense supported by probable cause. The Court also emphasized that King did not suffer a significant invasion of his privacy because law enforcement obtained the DNA through brief and minimally invasive means, and because the parts of the DNA incorporated into Maryland’s DNA profile (“loci”) do not reveal the arrestee’s genetic traits.
Rethinking Maryland v. King’s Conception of a Search
The fact pattern in King presents an important question: what constitutes one DNA “search”? The Supreme Court’s decision treated running King’s DNA against two CODIS databases (one containing DNA of arrestees and convicts, the other containing DNA secured from crime scenes) as one “search.” The Supreme Court’s recognition of only a single search is admittedly consistent with traditional Fourth Amendment search analyses of physical objects. When law enforcement lawfully searches a physical container, it may search all contents of that container and privacy rights in those contents are considered extinguished; applied to the DNA context, when law enforcement lawfully searches one’s DNA, it may search all aspects of that DNA, for both identity and forensic evidence matches. In theory, this is because the individual loses privacy rights in their DNA profile when it is secured and used for a lawful search.
However, several experts have commented that, much like computers and cell phones, DNA evidence warrants a different analytical framework in which the boundaries of a search are defined by the amount of information exposed. As Kelly Lowenberg notes in “Applying the Fourth Amendment to DNA,” the scope of searches and seizures of traditional physical objects is limited by the particularity requirement (which requires warrants to particularly describe the place and items to be searched, thereby protecting against general searches) or by narrowly applied warrant exceptions. However, such constraints are difficult to impose on evidence containing vast amounts of information like DNA or hard drives, which by their very nature may reveal invasive information that is not relevant to the investigation. Because responsive information cannot reasonably be severed from non-responsive information at the point of collection, law enforcement is forced to obtain large amounts of information for which there is no cause. This over collection of information drastically increases the potential for government abuse, a fundamental concern and motivation for Fourth Amendment protections going back to the Framers’ fear over “general warrants.”
In Searches and Seizures in a Digital World, Fourth Amendment scholar Orin Kerr argues that the “zone” of a computer search should be defined not by the physical boundaries of the device being searched, but by the actual information that the search exposes to the viewer. Specifically, Kerr argues that “a search occurs when information from or about the data is exposed to possible human observation, such as when it appears on a screen, rather than when it is copied by the hard drive or processed by the computer.” Kerr’s argument is supported by United States v. Karo, which found that covertly placing an electronic beeper in a can of ether (an ingredient used in the production of cocaine) and transferring that can to a defendant was not a “search” until the beeper was used to track the can.
Kerr’s formulation suggests that privacy rights in objects that may contain or expose large amounts of information are not extinguished just because other parts of that object have been searched. For example, Lowenberg applies Kerr’s framework for computer searches to DNA searches, arguing that each subsequent analysis of DNA collected should be considered a new search, subject to separate Fourth Amendment considerations, because it exposes new information. Examples might include a search for a paternity match, a search for a genetic condition, or a search for heritage. This is consistent with Ferguson v. City of Charleston, a 2001 decision in which the Supreme Court found that drug testing the urine of pregnant women originally obtained for medical purposes violated their Fourth Amendment rights. The Court reasoned that searching the urine for drug use was outside the scope for which original consent was obtained and was therefore a separate search.
Some courts have ruled similarly in the computer context. In United States v. Carey, the Tenth Circuit found that a warrant allowing officers to search for files pertaining to the distribution of controlled substances did not also allow officers to search for evidence of child pornography. This holding expresses the view that a computer is not a like a physical container that, once opened, no longer contains any private information. Judge Bea’s concurrence in U.S. v. Comprehensive Drug Testing similarly suggested that only information that was actually made visible on the computer screen itself was in “plain view” during the search of a facility. However, in United States v. Runyan, the Fifth Circuit held that all privacy rights in a disk were extinguished once one file had been searched by a private party; and in United States v. Slanina, the Fifth Circuit held that a warrantless but justified search of a part of a computer extinguished the privacy rights in the computer as a whole.
Recent Tech Cases Might Warrant a Reconsideration of Maryland v. King
Despite this inconsistency across courts, the notion that each voiceprint verification should be considered its own Fourth Amendment search is strongly supported by two recent Supreme Court cases that curtailed earlier jurisprudence to account for the privacy implications of modern technology. These cases are Riley v. California and United States v. Carpenter.
In Riley v. California, the Court held that law enforcement could not conduct a warrantless search of the contents of a cellphone that was seized incident to arrest. The Court found that modern cellphones contain within them “the privacies of life,” and reasoned that cellphones are unlikely to implicate the legitimate government interests, such as officer safety or destruction of evidence, that permit the search of physical items incident to lawful arrest. Riley’s holding effectively curtailed the prior doctrine, which had categorically allowed searches incident to arrest in Chimel v. California (holding that police can search the area within the arrestee’s immediate reach), United States v. Robinson (holding that police can search the full body of the arrestee including the contents of a cigarette pack found in his pocket), and Arizona v. Gant (holding that an arrestee’s vehicle can be searched after the arrestee is secured if it is reasonable to believe that evidence of the offense of arrest might be found in the vehicle).
The Court’s recognition that a search of Riley’s cellphone implicated far greater privacy concerns than a search of other containers, such as the cigarette carton in Robinson, suggests that identifying the amount of information that may be exposed is an important inquiry in the determination of whether there is a “search.” Unlike a search of a traditional physical object, the search of a cellphone exposes an incredible amount of personal information due to the depth of what is stored on the device.
Additionally, just as the Riley Court was concerned that searching a cellphone to preserve evidence or disarm an arrestee may serve as a pretext for a search to reveal additional private information, Justice Scalia was concerned in his King dissent that collecting DNA to identify arrestees is just a pretext for collecting forensic evidence to solve cold cases. This concern about pretext in the context of highly invasive searches further suggests the relevance of the amount of exposable information to the determination of whether there is a “search.” Applying this inquiry whenever a highly-content rich source of information is searched would prevent law enforcement from subjecting vast arrays of personal information to numerous searches every time there is one legitimate purpose for the initial collection.
But this inquiry is not just about the contents of the object being searched; it is also about the extent to which additional information can be revealed from the object upon further analysis. In United States v. Carpenter, the Supreme Court found a reasonable expectation of privacy in cell site location information (CSLI) records generated by third-party cell phone providers. To obtain service, cellphones regularly connect to nearby cell towers. Cell service providers record these connections, which can be used to identify the approximate location of a cellphone at any given time. Prior to Carpenter, the Supreme Court had long held that individuals have no reasonable expectation of privacy in information shared with third parties. However, the Supreme Court curtailed this so-called “third party doctrine” in Carpenter, taking issue with CSLI records’ ability to continuously reveal an individual’s location over time, and noting that location tracking with CSLI records is “remarkably easy, cheap, and efficient.” In effect, the Court took issue with how easy it is to expose mass amounts of information about a defendant from CSLI records.
Carpenter recognized that privacy is implicated not just by the contents of the object being searched, but by the ways in which law enforcement can use and aggregate the collected information. The Court was concerned about how the aggregation of CSLI could be leveraged to determine “familial, political, professional, religious, and sexual associations” perhaps in combination with other forms of records.
Voiceprints resemble CSLI more than cellphones in the sense that one voiceprint itself does not contain an abundance of private information. But just like the collection of CSLI allows law enforcement to track an individual over time with much more ease than weeks long human surveillance, the collection of one voiceprint would allow law enforcement to automatically identify limitless future conversations. This similarity in terms of resource efficiency suggests that the Carpenter concern that law enforcement could use aggregated CSLI to piece together the details of an individual’s life applies equally in the voiceprint context.
While the collection of a large amount of CSLI bothered the Court in Carpenter, the Court was silent on whether a small amount of CSLI warrants Fourth Amendment protection. An earlier case, United States v. Jones, seems to contemplate that short-term GPS monitoring may not implicate the Fourth Amendment. But in the voiceprint context, the collection of even a single voiceprint could enable law enforcement to identify a single individual’s voice in any hundreds or thousands of subsequent conversations. It would not be tenable to hold that only the collection of a certain number of voiceprints warrant Fourth Amendment protection. Each collection, and subsequent use, of voiceprint data should be subject to its own Fourth Amendment search analysis.
Put together, Riley and Carpenter demonstrate that the potential amount of information exposed is instrumental in determining whether there is a reasonable expectation of privacy, and in turn, whether the government has conducted a search for Fourth Amendment purposes. Applied to the voiceprint context, it is clear not only that there is generally a reasonable expectation of privacy in a recording of one’s voice, but that a Fourth Amendment analysis is necessary each time a verification of a voiceprint is conducted. In Riley, Chief Justice Roberts cited King in arguing that “when ‘privacy-related concerns are weighty enough,’ ‘a search may require a warrant, notwithstanding the diminished expectations of privacy’” of the individual being searched. Voiceprints are the latest in a line of technological advances where the privacy interests are “weighty enough,” and the Court should reconsider King in the same way that Riley and Carpenter have begun to chart a more privacy-conscience direction in Fourth Amendment jurisprudence.