New York court on privacy expectations in social media accounts

Nicole Black, BridgeTower Media Newswires

Every year around this time, I begin to conduct research for the annual update to the Thomson Reuters criminal law treatise, “Criminal Law in New York,” which I co-author with Brighton Town Court Judge Karen Morris. During the course of my research, I often discover cases that arise from interesting overlaps of technology and criminal law.

This year has proven to be no different, and last week I stumbled upon an interesting case from New York City Criminal Court, which focuses on issues relating to whether the access to social media accounts by law enforcement triggers constitutional privacy interests.

In People v. Sime, 62 Misc.3d 429 (2018), one issue addressed by the court was whether the defendant had a constitutionally protected privacy interest in the IP data and photograph metadata that she had uploaded and shared online via a public Instagram account.

In this case, the defendant was charged with, in part, unlawful disclosure of an intimate image in violation of Administrative Code of the City of New York § 10-177 [b][1]. It was alleged that the defendant, who was dating the complainant’s ex-boyfriend, posted nude photos of the complainant to two different Instagram accounts. The photos were allegedly taken by the complainant’s ex-boyfriend. One of the Instagram accounts was alleged to belong to the ex-boyfriend and the other was alleged to have been created in the complainant’s name by the defendant. As part of that prosecution, the court issued a search warrant on Instagram seeking access to the data connected with the two Instagram accounts.

The defendant challenged the search warrant, asserting that it was not supported by probable cause. She conceded that she did not have a privacy interest in the posted photos since they were shared on an account that was open to the public and had no privacy settings enabled. Accordingly, her argument was based instead upon the assertion that “there is a general right to privacy for the IP addresses associated with the person who posted the pictures and the metadata contained in the photographs public (sic.) posted pursuant to the recently decided case Carpenter v. United States, 138 S.Ct. 2206 [2018].”

As I explained in a previous article, in Carpenter the court held that a warrant was required in order for law enforcement to access historical cell phone geolocation data. In the case at hand, the court disagreed that the Carpenter holding was applicable on the gourds that IP data and metadata relating to an Instagram photo is not analogous to cell phone geolocation data.

The court explained that unlike historical cell phone geolocation data, IP data does not necessarily provide information regarding the defendant’s specific location:

“Obtaining IP data does not provide the police the ability to exhaustively know a defendant’s exact position — at best it might incidentally reveal what device was used to post a photograph in the general vicinity of an internet router. In other words, at most it will let the police find a building near the used cell phone or computer device on discrete dates when pictures were uploaded for the public to view, and has no bearing on the defendant’s day-to-day movement…Similarly, photograph metadata might let you know what camera was used to take a particular picture, and (if it was not already obvious from the picture itself) where that picture was taken.”

Because IP data and metadata provide only a brief snapshot of the user’s location at any given time, the court compared IP data and metadata to telephone billing records, in which customers have a lower expectation of privacy: “IP data and metadata are roughly analogous to telephone billing records, and there is no legal reason to protect this data to the same extent as long-term GPS data and cell-site information.”

Accordingly, the court denied the defendant’s motion challenging the search warrant, concluding that “(T)here is no constitutional privacy afforded to the IP data and photograph metadata that the defendant uploaded and shared with the world, nor would a subjectively held privacy expectation be reasonable or one that society is prepared to recognize.”

Digital privacy rights are an important and evolving issue. Now that online interaction and mobile device usage are commonplace, data regarding all aspects of our daily lives is regularly collected by a host of third parties. As law enforcement increasingly seeks access to that information, courts will necessarily continue to grapple with the constitutional nuances presented by varying factual scenarios — and rest assured, I’ll continue to cover their efforts in this regard.

—————

Nicole Black is a director at MyCase.com, a cloud-based law practice management platform. She is also of counsel to Fiandach & Fiandach in Rochester and is a GigaOM Pro analyst. She is the author of the ABA book “Cloud Computing for Lawyers,” coauthors the ABA book “Social Media for Lawyers: the Next Frontier,” and co-authors “Criminal Law in New York,” a West-Thomson treatise. She speaks regularly at conferences regarding the intersection of law and technology. She publishes three legal blogs and can be reached at niki@mycase.com.