The influential Ninth Circuit Court of Appeals recently issued an important decision in a “watershed case” regarding the expectation of privacy in password protected electronic devices. US v Cotterman
Handed down on March 8, 2013, US v Cotterman involved the border search of a registered sex offender entering the US from Mexico. When they were unable to override password protected files, the DHS shipped the laptop to a forensics office 170 miles away. Once opened, the protected files showed evidence of criminal behavior leading to Cotterman’s arrest.
In upholding the search, the Court of Appeals deveoted much of its 82-page opinion to the issue of electronic data. The court found that the uniquely sensitive nature of data on an electronic device carries with it a significant expectation of privacy, rendering an exhaustive exploratory search more intrusive than with other forms of property.
There are many distinct aspects to this case including its criminal, not civil, nature and the “border exception” to search and seizure rules. But the case has implications for civil privacy-related litigation because it acknowledges the inherent value to data stored on electronic devices, equating data with “personal pages in the words of the Constitution.” The court noted that data exists well beyond the point of erasure because browsing histories can be tracked, and that storing data on the cloud is particularly problematic when addressing expectations of privacy.
Many civil actions are dismissed because plaintiffs cannot establish an injury to a legally protected right or damages when data is lost or breached. Many courts see loss of data as a hypothetical or future loss that is not recoverable in the here-and-now.
What the US v Cotterman case gives plainitffs is a legally protected right, an expectation of privacy deserving of constitutional protection. Civil cases may still fail due to the lack of demonstrable harm, but cases like US v Cotterman show a heightened judicial awareness of the value of electronic data.