Giant tech companies are not a brooding omnipresence in the sky,1 but mostly because their rapacious approach to data surveillance leaves little time for brooding. They are certainly omnipresent, and their role in contemporary life has an eerie, ethereal quality — not unlike the nineteenth-century projections of legality that so disquieted Justice Holmes and his allies. It took the realists a generation to dismantle the mythos of formalism.2 This case requires nothing so grand, but we could still use a healthy dose of realism. Giant tech companies are not our advocates. They are not our friends. They are giant companies. Their concerns about consumer privacy run exactly — and only — to the extent of their business interests. Everything else is just peripheral noise.
In Privacy as Privilege, Professor Rebecca Wexler argues that courts should stop construing the Stored Communications Act3 (SCA) to block criminal defense–side subpoenas for communication records.4 She has woven a narrative in which communication privacy collides with the ability of criminal defendants to mount a robust case. This story is not wrong; such collisions occur. The more important story, however, is a slightly different one. It originates from the same facts, and it also features disadvantaged criminal defendants. But they are not the main characters. Rather, the main characters are the giant tech companies that have routinely been served with defense subpoenas (under the SCA), appeared in court to contest those subpoenas, and won — securing “privacy victories” for their users. And the moral of the story, boiled down, is that we should beware of these victories; for they are not quite what they appear. A system in which the boundaries of communication privacy are negotiated at the behest of the very entities whose profit model relies on their erosion is not a healthy one. It may be preferable to a system in which no communication privacy is protected. But it merits little praise beyond that.
In terms of genre, Wexler’s narrative is tragic. It conjures to mind a world in which two relatively powerless actors — criminal defendants and consumers — are pitted against one another, a conflict fated for zero-sum resolution. Longer term, however, the more important narrative is not a tragedy. It is a polemic. And its focus is not on the less powerful characters, but the more powerful ones: the surveillance state and its corporate handmaidens, both of whom would prefer all of us, as subjects of power, to imagine their relationship in oppositional rather than synergistic terms.
* * *
The problem animating Wexler’s Article is easy to see. Trials depend on informational abundance,5 whereas privacy laws create pockets — some small, some vast — of informational scarcity.6 And more specifically, the SCA, as a privacy law, limits access to communication records in ways that can thwart the presentation of a robust defense. By construing the SCA to bar defense-side subpoenas, Wexler argues, courts have created a de facto evidentiary privilege, one that “shield[s] an ex ante category of [possibly exculpatory information] from [compulsory legal] process.”7 In Wexler’s view, this outcome is lamentable; the point of Privacy as Privilege is that courts should reverse course.
I find little to disagree with in Wexler’s core claim. As a value, exculpation is quite important. And, as a tool for shoring up this value, compulsory process is likewise.8 Furthermore, the SCA seems like an odd legal instrument for counteracting these principles, and the court decisions canvassed by Wexler appear, accordingly, to suffer from a profound lack of imagination — to say the least.
The lingering question, if we take Wexler’s account seriously, is where privacy ultimately stands. As she acknowledges, open-ended discovery and admissibility — as ingredients of the trial process — are at some level necessarily at odds with privacy.9 For privacy is an antiaccuracy value.10 That is the source of both its precariousness and its grandeur; to speak in the language of privacy is to highlight aspects of human flourishing that transcend, and can in principle justify setting aside, our collective commitment to the discovery of truth.11
As such, it is only to be expected that privacy protections — like those in the SCA — would operate, at times, to the detriment of fact-finding in particular cases. The question is whether the tradeoffs are worth it. Wexler thinks not, and she offers two intertwined arguments in service of that view. The first is a procedural argument about the route by which courts have limited defense-side access to communication records. The second is a substantive argument about why barring such access may, on balance, be unwise. I will briefly discuss these arguments in turn.
The procedural argument, which comprises the heart of Wexler’s Article, concerns the relationship between statutory interpretation and evidentiary rules. Statutes designed to constrain information flow can, in principle, impact the trial process by limiting the latter’s inputs; in light of this restraint, the interpretation of such statutes always runs a risk of thwarting the goals of evidence law. In Wexler’s view (and I agree), that is exactly what rigid interpretations of the SCA do: they frustrate the ability of criminal defendants to develop a maximally persuasive defense. Furthermore, she argues (and once again, I agree), statutory interpretations that bar access to an entire category of information, creating a de facto privilege, should be subject to a strict construction rule.12 The SCA contains no such statement, so it should be read permissively.
Even if all this is right, however, it does not tell us whether a privilege along the lines enacted by courts — an “Internet privilege,” in Wexler’s phrase13 — is warranted on the merits. In fact, as Wexler acknowledges, lawmakers and judges have myriad tools at their disposal apart from rigid statutory interpretation to arrive at the same essential endpoint. In her words:
[I]f legislators or courts are displeased with the result, options are available to them. Congress could amend the SCA to enact a novel statutory evidentiary privilege that unqualifiedly bars criminal defendants from subpoenaing technology companies for the contents of online communications. Or, courts could rely on their common law authority to craft such a privilege from whole cloth, provided they first undertake the required balancing of the competing interests.14
To this list, I would add that the rulemaking committee for the Rules of Evidence could propose a new specialized relevance rule — Rule 4093/4 — that limits the admission, and perhaps also the discovery, of communication records for specific purposes.15
Given all this, the question becomes substantive. Wexler’s complaint is not merely about interpretive hijinks; it runs to the merits. In her view, the legal system ought not to deprive criminal defendants of access to exculpatory evidence contained in communication records, period — whatever the instrument of deprivation. At one point, in fact, she characterizes the worry about communication privacy that underwrites the status quo approach to the SCA as an argument “dressed in privacy clothing” but bereft of a real core.16 In reality, Wexler maintains, lifting the bar on defense-side subpoenas for communication records “would impose zero cost to privacy.”17
If true, this would be a devastating objection to existing law, because it would mean that courts have not only distorted the SCA but done so gratuitously. Yet is it true? Here, Wexler’s argument boils down to two claims.18 The first is that individuals “with legitimate privacy interests” — in other words, people who do not want enormous batches of records about their private communications to be accessible at any time by all defense lawyers — could move to quash defense “subpoenas . . . served on technology companies.”19 For a variety of reasons that have been thoroughly expounded in the privacy literature, and which I will list here only briefly, this solution is unlikely to have much bite in practice. The reasons include problems with notice,20 a regressive political economy of legal “self-help,”21 the hardship of having to assess the privacy sensitivity of enormous quantities of communication data,22 and, most fundamentally, the fact that the motion-to-quash tool, even when accessible and effective, is simply not that protective of privacy.23
Perhaps out of an implicit sense of these difficulties, Wexler quickly pivots to her second argument. Namely, even if many people would be unable to effectively avail themselves of this protection in practice, it does not matter; the countervailing benefits for criminal defendants are still greater. “Concededly,” Wexler writes, there will be a group of individuals “whose privacy interests are unknown because, for instance, they cannot be located or contacted” — or I would add, because they move to quash subpoenas for communication records but are simply unsuccessful — who:
stand to lose control over information with unknown privacy value. . . . But protecting such speculative privacy interests with the current, unqualified SCA bar on criminal defense subpoenas is wrong. As an initial matter, it is overbroad; it blocks access to private and nonprivate evidence alike. Additionally, any hypothetical privacy interests in this category of communications are, by definition, unjustified by any legal showing, and should thus be considered waived. Speculative privacy interests that no one has raised in court should not outweigh the sober need for relevant evidence in criminal proceedings.24
On what evidence does this final assertion — that the interests of criminal defendants are more important, in aggregate, than countervailing interests in communication privacy — come to rest? Wexler may, of course, believe the assertion to be true. And she may ultimately be right. But the essence of the privacy argument, the one Wexler denigrates as merely “dressed in privacy clothing,”25 is that her claim is backward.
In other words, the privacy argument here just is that the privacy interests in this realm are more important, in aggregate, than the countervailing interests of criminal defendants. And this is hardly an unfamiliar or outlandish argument. In fact, it is the same argument, in form, that underpins the Fourth Amendment’s approach to digital privacy. There, of course, the interests on the “legal process” side of the ledger run to the state, not to defendants. But the privacy interests are virtually identical — and the Supreme Court has recently made clear, echoing decades of scholarly agitation, that subpoenas provide insufficient accommodation of those privacy interests.26 Instead, warrants are necessary.27 This does not necessarily mean, of course, that warrants (or the equivalent) should be required for defense-side discovery. With different interests at stake, the balance may net to a different equilibrium.28 But it does give us prima facie reason to doubt that a subpoena regime, standing alone, suffices to accommodate the relevant privacy interests — foundational as they are to the health of our democratic culture.29 And, at a minimum, it means that waving the problem away, designating it a matter of fashion rather than substance, cannot be the right answer.
* * *
There is, however, a different sense in which Wexler is right to characterize the legal arguments in favor of an SCA bar to defense-side subpoenas as “dressed in privacy clothing,” despite being, in the last analysis, about something else entirely. That something else is corporate power. Giant tech companies do cloak their arguments about the SCA in the rhetorical garb of privacy. The wrinkle, however, is not (as Wexler would have it) that their arguments genuinely fail to implicate privacy. It is that privacy values are, so to speak, the argument’s incidental beneficiaries. The primary beneficiary is a radical, deregulatory — even antinomian — vision of information capitalism.
This point echoes one of Wexler’s own. Ultimately, she writes, the main “effect of the current SCA privilege is not to protect privacy but, rather, to exempt technology companies from the administrative burdens of complying with judicial compulsory process.”30 And it is quite “unclear,” she continues, “why these companies should receive this special treatment when other companies and private individuals all must shoulder the public duty of supplying relevant evidence to the courts.”31
In spirit, I wholeheartedly agree — but I would use a less measured tone. In my view, not only is it unclear why tech companies should receive “special entitlements” with respect to legal process; it is quite clear they should not. Giant tech companies may differ from other powerful corporations. But if they do, it runs exclusively in the direction of bearing duties, not avoiding them. For instance, it may be, as I and many others have argued, that giant tech companies have fiduciary obligations32 — in a manner roughly analogous to doctors, lawyers, and financial advisors — to their users, above and beyond the baseline duties of contract, tort, and property law.33 Similarly, some have argued (so far unsuccessfully in court) that giant tech companies have constitutional obligations, given the totalizing role they play in our expressive and political lives.34 Yet even if these “heightened duty” arguments fail to carry the day, their plausibility only goes to show that giant tech companies are distinctive, if at all, in ways that call out for greater restriction, not greater license.
In fact, take a step back. Why would anyone think giant tech companies deserve special legal treatment? The answer lies, I think, in an elaborate, dismayingly successful PR campaign. For decades now, giant tech companies have been cultivating an aura of renegade independence, a riff on the famous Marlboro Man aesthetic — charismatic, world weary, flirting with anarchy35 — but reimagined through a cyber-punk lens.36
The PR campaign has also infused litigation strategy. For example, as Wexler notes, Facebook and Google recently submitted a petition for certiorari about the SCA issue, arguing against “prioritiz[ing] a criminal defendant’s desire to obtain communication [records]” over “trust in the privacy of electronic communications.”37 And this is just the tip of the iceberg. In the last few years, Microsoft has argued (1) that provisions of the SCA allowing the government to seek an order limiting disclosures to users about records requests violates the First and Fourth Amendments,38 and (2) — more famously — that it need not comply with properly issued warrants for user data, so long as the data is being “stored” outside the jurisdictional territory of the United States.39 Similarly, Facebook has argued against compliance with warrants, not just subpoenas, on user-privacy grounds.40 What is more, giant tech companies are not alone in making these arguments; they are routinely supported by prominent, well-heeled, progressive advocacy organizations like the ACLU41 and the Electronic Frontier Foundation (EFF).42
Politics, they say, can make for strange bedfellows — and that may be part of the explanation here. But I cannot help but detect a sense of resignation as well. If privacy politics have devolved into a prolonged negotiation of the terms of surrender to the titans of information capitalism, these developments make some sense; they represent a rational strategy by a weaker party, trying to pull as much potential value as possible out of the negotiation. This is certainly the sensibility on display in recent legal scholarship, which emphasizes the “intermediary” role that giant tech companies can play in keeping the surveillance state at bay.43 Tech companies, the logic goes, may not have the public interest — or indeed, any normative interest — at heart. But they can at least be counted on, consistent with their business model, to run interference.44
From a mercenary perspective, the “surveillance intermediary” model may be attractive. For reasons both substantive and procedural, digital privacy rights have proven difficult to secure through direct litigation.45 The Supreme Court has, of course, long been hostile to class actions46 — an especially important vehicle in the privacy context, where injuries are typically small and diffuse.47 But that is only the beginning. In recent years, the Court has expressed doubt about Article III standing for privacy claims, even in settings where Congress has sought to create private rights of action,48 and at least one member of the Court has signaled that cy pres remedies — another important tool in privacy litigation — may soon be on the chopping block.49 Put all this together, and it is not hard to see the appeal of having giant tech companies litigating on behalf of their users. It may be nothing more than a stopgap measure. But the gap it aims to stop is significant.
From a more aspirational perspective, however, the status quo looks more discouraging. It seems like an unambitious rallying cry, putting the point rather mildly, to demand simply that giant tech companies comply with normal legal process. Normal legal process is not perfect, of course. It has blemishes and lacunae; it evolves very slowly. Particularly in the context of digital records, historical tools have proven to be largely ineffective, and reconfiguration — of just the sort we are beginning to see in the Fourth Amendment context50 — is needed.
But the reconfiguration ought to be a political and jurisprudential process in which the public, as the main interest holder on both sides of the ledger — concerned about both the fate of communication privacy and the operation of the criminal justice system — should have the final say. It should not be a reconfiguration for the primary benefit of private business interests, even if those interests happen to align, contingently and temporarily, with the public good. In terms of shorter-term tactics, it may be tempting to capitalize on such alignment. But the winds of alignment are fickle, and longer term, the better strategy — the genuinely democratic strategy — must lie elsewhere.
On this front, United States v. Microsoft,51 the “extraterritorial warrant” case from 2018, is exemplary. Microsoft was served with a warrant to turn over communication records related to one of its users.52 In response, the company argued that the relevant records were held in Ireland, so they fell beyond the warrant’s territorial scope.53 The case made its way up the appellate chain, and Microsoft litigated relentlessly.54 It focused especially on the geopolitical implications of compliance — what precedent would it set to have one sovereign (in this case, the United States) compel the cross-border extraction of data via ordinary legal process?55 According to the company, it would spell the end of digital privacy worldwide.56 And — just as in the SCA cases canvassed by Wexler — the ACLU, EFF, and other privacy-oriented advocacy organizations agreed.57
There is an important sense, however, in which the entire litigation was built on unsound foundations. That the case persisted so long is beside the point; it goes to show only the sheer quantity of resources Microsoft was willing to commit to the process. In fact, the case had little — in some sense, nothing — to do with privacy. The underlying warrant had been issued on probable cause. Probable cause is a mechanism of privacy protection. It may be imperfect. It may be subject to erosion.58 But it is nevertheless, and axiomatically, the main legal tool we use to enforce privacy interests against the government.
Accordingly, for Microsoft to resist compliance with a validly issued warrant on privacy grounds was, at bottom, to thumb its nose at the agreed-upon mechanisms of legal process. It was to play the role of jurisprudential vigilante. As Professor Paul Ohm put it:
Microsoft’s entire course of conduct — from setting up its remote datacenters in a way that permits users to select where to place their data to suing the federal government for seeking a warrant to investigate a drug crime — could be cast as a gambit that isn’t about respecting the rules of Ireland or the United States or the rights of the Irish or the Americans. It is perhaps part of a much more cynical and pernicious move to declare independence from [sovereign governments] . . . . This seems more East India Company than Thomas Paine. Revolutions should not be declared by corporations, they should reflect the will of the people, in this case, the users.59
Ohm is right: revolutions should not be declared by giant companies.60 But in some sense, this gives Microsoft too much credit. The company was not making a revolutionary claim. Like the other companies discussed in Wexler’s Article who have invoked the SCA to resist compliance to subpoenas, Microsoft was making a deregulatory claim. All it really sought to do was fend off the state. The idea was not to upend sovereignty or to facilitate a grand rebalancing of geopolitical power. It was to proceed, business as usual, with all the benefits of a world defined by sovereign power — but without the hassle of compliance or the downsides of enhanced visibility into corporate operations.
This “gambit,” as Ohm rightly describes it,61 should be resisted. It is a gambit characteristic of gilded economies: a strategy adopted by powerful economic actors to convince those lesser off that everyone’s interests are, on a deeper level, aligned against an overreaching state. The gambit comes in many shapes and sizes, but its core is always the same. And its paradigm case, in the American legal imagination, is plain. Joseph Lochner was not a baker; he was a bakery owner.62 But still he managed, through deft legal representation, to get the Supreme Court to focus on the way in which “limiting the hours in which grown and intelligent men may labor to earn their living [represents a] meddlesome interference with the rights of the individual.”63 Mr. Lochner had a vanishing fraction of the resources giant tech companies do. Imagine where they could focus — or have already focused — the judiciary’s attention.
† Responding to Rebecca Wexler, Privacy as Privilege: The Stored Communications Act and Internet Evidence, 134 Harv. L. Rev. 2721 (2021).
* Associate Professor of Law and William T. Golden Scholar, University of Connecticut School of Law. The author would like to thank Michael Fischl, Brendan Maher, Julia Simon-Kerr, Doug Spencer, and Rebecca Wexler for helpful feedback. Additionally, Morgen Barroso and Ryan Coleman provided invaluable research assistance.