NJ Supreme Court Rules For Internet Privacy

dprovine writes "The New Jersey Supreme Court has ruled that ISPs can't release customer information without a warrant. The unanimous decision reads in part 'We now hold that citizens have a reasonable expectation of privacy protected by Article I ... of the New Jersey Constitution, in the subscriber information they provide to Internet service providers — just as New Jersey citizens have a privacy interest in their bank records stored by banks and telephone billing records kept by phone companies.'"

Precedence in US Vs Forrester

[eldavojohn]

I'm not a lawyer but I thought precedence was set for this in US Vs Forrester where a $10 million drug operation had their e-mail, phone and IP address records obtained from their ISP without a warrant. They were guilty but not until the court case.

This happened just last year. How are they going to reconcile these two rulings?

Re:Precedence in US Vs Forrester

[dreamchaser]

Right now they are two different things. US vs Forrester was a ruling by the 9th Circuit Court and this recent ruling was the NJ State Supreme Court. If they come into conflict it will have to go to the US Supreme Court. Incidentally, the 9th Circuit is one of the most overturned appeals courts in recent years.

I am guessing this issue will one day wind up before the US Supreme Court. We know that Congress won't address the issue, so it will probably be left to the lawyers in black robes.

Re:Precedence in US Vs Forrester

[andb52]

Even if there is an apparent conflict between the two rulings, such a contradiction will not necessarily be referred to the US Supreme Court. Remember, the New Jersey ruling was under the New Jersey Constitution, which provides far more rights to citizens than the United States Constitution. As such, even if there is not federal right to privacy with one's ISP, there still could be a right to privacy within the state of New Jersey.

Re:Precedence in US Vs Forrester

[dreamchaser]

And that is exactly the kind of conflict that will bring it to the Supremes. The Feds will try to get information without a warrant and the conflict will ensue.

Re:Precedence in US Vs Forrester

[tinkerghost]

And that is exactly the kind of conflict that will bring it to the Supremes. The Feds will try to get information without a warrant and the conflict will ensue.

Not really, State & Federal courts really move in different circles. The Feds will get info without the warrant & none of the proceeds will be usable for any ancillary state charges, but it won't affect the federal case.

The interesting thing to me is that the court ruled that the problem was with the type of seupona used. Per the article, the cops went & got one from a judge, but the court ruled that they needed to go to a grand jury instead. That seems a bit odd to me, it was my understanding that the GJ was usually brought in after most of the investigation was done, not at the beginning.

Re:Precedence in US Vs Forrester

[Ardeaem]

Incidentally, the 9th Circuit is one of the most overturned appeals courts in recent years. God, this meme needs to die. The 9th circuit also has a very highest number of cases. When you look at the numbers as proportions, the 9th Circuit isn't out of line.

Re:Precedence in US Vs Forrester

[moeinvt]

"The Feds will try to get information without a warrant and the conflict will ensue."

I've been waiting to see this type of conflict. I'm surprised that it would happen in New Jersey, but many states have their own Constitutions which define the Rights of their citizens even more broadly than what's in the U.S. Constitution. IANAL, but if I have certain Rights under my State Constitution, the fact that the same Rights are not specifically elaborated in the U.S. Constitution shouldn't mean that agents of the Federal government are free to trample on them.

It would be great if New Jersey had some guts and empowered the NJ State Police to arrest Federal agents for the crime of illegally spying on NJ residents.

Re:Precedence in US Vs Forrester

[Ioldanach]

IANAL, but if I have certain Rights under my State Constitution, the fact that the same Rights are not specifically elaborated in the U.S. Constitution shouldn't mean that agents of the Federal government are free to trample on them.

That's a problem that's existed since the time the Constitution was written. The Bill of Rights was a compromise because the Constitution is supposed to be a document saying very specifically what the government can do. By adding in a list of citizens rights they can't infringe upon the result is the implication that everything else is fair game, even though the Constitution specifically says, basically, "If it doesn't say you can do it, then you can't."

Not that we're using it anymore anyways.

Sure, privacy is nice

[BadAnalogyGuy]

But those poor folks still have to live in New Jersey.

Re:Sure, privacy is nice

[BadAnalogyGuy]

Hey, you're from Jersey? I'm from Jersey too! What exit?

Re:Sure, privacy is nice

[falcon5768]

Yet what you described is a area 3 times the size of Maryland. As long as your outside of Union, Middlesex, Hudson and Essex counties to the east, and the VERY edge of the Delaware river counties in the west (like maybe 4-5 miles across the edge), you would hardly SEE a city, heck maybe even a town since most of the interior of NJ is farmland.

Like I said, 99% of the people who make Jersey jokes have never even seen NJ for the most part. Except for a small area, NJ is very underpopulated. It just so happens the area that is, happens to be overpopulated.

As for Maryland though, I would take Newark ANY DAY over Baltimore. That city is just a scary place to drive through.

Re:great news for thieves

[SimonGhent]

This is awesome, it means I can continue running my warez site and harvesting email addresses for my spam bots without fear of getting caught. Cheers judge!

Unless the authorities get a warrant. Surely that's the way it should be?

This won't just effect people from NJ

[ConfrontationalGrayh]

AT&T's main NOC is in NJ. This is the NOC that handles most of their T1 traffic and troubles. They also have a smaller one in Kentucky, but the main one is in New Jersey.

Re:great news for thieves

[Applekid]

Surely that's the way it should be? Yes, except don't forget that even though there are separation of powers, they're ALL on the same team. If, say, the FISA court is any guide, only 5 out of 14,000 warrants were rejected by that court. Even if NJ courts are three times as finicky about their warrants, that's still 99.9% warrants happily approved.

I doubt real world warrants are as agonized and debated as on Law and Order. The reality is more likely that they're handed out without much coaxing, since it helps propagate the system (with warrants leading to charges leading to trials leading to collection of fees and justifying salaries).

Re:EULA

[ArwynH]

What EULA? They don't license you anything. This isn't software we are talking about you know. It's a contract you sign with your ISP. Their services in exchange for your money.

On the less pedantic side, do you really think the ISPs want to give your data away? There is no profit in doing so, in fact it might even cause customer loss, which is bad for business. No, the reason they give out your data is because they think they have a legal obligation to do so. Now the court has said it isn't, so they won't.

Grand jury is now required

[McCarr]

Comcast at least, won't now release subscriber information without a subpoena.This ruling requires that a grand jury must issue the subpoena not a municipal court. This raises the barrier quite a bit. The ruling is at:http://www.judiciary.state.nj.us/opinions/supreme/A-105-06%20State%20v%20Shirley%20Reid.pdf

Re:EULA

[jafiwam]

If the ISP can hide behind the EULA as a contract how long before banks and telecoms jump on this bandwagon?

Zero days. Banks are, and have been for a long time, training various staff members how to scan through account history and locate "suspicious" (as defined by the feds) activity.

It's called the "Know your customer" campaign.

And, since it's the bank data, the can do this as often and however they want, hand the data over as a friendly tip and there's not a goddamn thing you can do about it. (Aside from not use banks, which will probably get you on some other list.)

I know this, because I helped develop (the tech side) of several online courses given by several state banking associations during the 90's.

The banks already are spying on you, and it's all OK because it's strictly 'voluntary' (wink wink nudge nudge here's some payback in the form of ignoring your illegal loans to relatives).

Bankers in general, are always pansy ass suck ups, and especially so when it comes to the feds.

Text of ruling

[Sarcileptic]

The text of the NJ court ruling is here: http://abajournal.com/files/A-105-06_State_v_Shirley_Reid.pdf

Also interesting for what the court did *not* do

[BendingSpoons]

At least from my perspective. New Jersey courts are particularly active in holding that our State Constitution offers more protection than the federal constitution. (See State v. Nyhammer, 396 NJ Super 72, for a typically bizarre reading of the Fifth Amendment.*)

In this case, an appellate court had previously held that the New Jersey state constitution grants a broad-based right to "informational privacy." Some state constitutions explicitly grant a right to privacy; NJ doesn't, but the Court reads our constitution as having one anyway. And then the appellate court expanded this judicially-granted right to include "informational privacy." The NJ Supreme Court rejected this expansion, although they said that they might change their minds if technology progresses to the point where IP addresses are more freely available.

All in all, I'm happy they ditched the Appellate Division's interpretation. I liked the idea of informational privacy, but I didn't like it coming through the courts.

*In that case, police officers read Nyhammer his Miranda rights. Nyhammer waived his rights, signed the Miranda card, and confessed to molesting an 11-year old girl. The appellate court held that Nyhammer's fifth amendment rights were violated; although he waived his rights, he didn't know at the time that he was a suspect. Therefore, his waiver wasn't really knowing and voluntary, and the court overturned his conviction. Talk about an expansive reading of a right against self-incrimination.

Guilty but let go

[mlwmohawk]

As a card carrying member of the ACLU, I regret this sort of case, but it is never the less the proper outcome. For all the people who hate the ACLU because the defend the "guilty" because of a technicality of law, remember this sort of case.

Sometimes the question of an individual's guilt is secondary to the precedent which would be formed. It is absolutely the space between the rock and the hard place. Do you let a criminal go free or do you let an abuse of power go unchecked?

More often than not, it is a "guilty" person who is on the receiving end of injustice such as invasion of privacy or violation of the 4th amendment. It is unfortunate that we don't have more clearly innocent people to protect. Generally speaking, police believe the "criminal" to be guilty. More often than not, they are, but this does not excuse a violation of constitutional rights to get a conviction.

Our rights are in place to prevent the innocent from being falsely convicted by creating a system of checks and balances that is supposed to prevent abuse by police, prosecutors, etc. Inherent in the system is the acknowledgment that people are corrupt and corruptible but the hope that not all people are in the same pockets.

My favorite example is O.J. Simpson. I am as confident that he killed his wife as I am that police planted evidence to get a conviction.

What about federal interference.

[moxley]

This is great until the Feds come in and unconstitutionally trump that like they do whenever they wis to step all over state law.

Re:great news for thieves

[TheVelvetFlamebait]

Yeah, they're all in it together for the money.

Or maybe money (or lack thereof) is the reason they can't be bothered investigating every singe one of the 14,000 warrants. Maybe even only about 5 (or 10 or 15) were actually bad warrants, and the rest were perfectly legal and perfectly justifiable.

So, we have two possibilities: a) the government is cohesive, efficient, greedy, corrupt, ruthless, or b) the government is slow, inefficient, under-funded (at least, if you want every warrant triple checked by every layer of authority), and lazy.

I'm betting on b), based on previous encounters with governments and their employees. The separation of powers would also explain the inefficiency, which would in turn explain the low warrant rejection rate. Or I could be wrong, and it could be a) the evil plutocrats wanting quick arrests for some god-knows reason.

State and Federal citizen's rights

[Beryllium+Sphere(tm)]

As a historical note, that's the way the Founders meant things to work.

The Federalist Papers tried to reassure people that the proposed new Federal government couldn't succeed as a tyranny because the states would defend the rights of state citizens.

This has been largely forgotten since the national government had to step in and override state-level oppression of African-Americans.

Re:EULA

[Dusty00]

Two items of interest (disclaimer: I'm a former employee of the banking industry):

Banker's aren't trained to look for suspicious items in the invasive sense that you're suggesting. They don't check to see if you've made any purchases to "ImprovisedExplosiveSupplies.com". The suspicious activity they're looking for are related to money laundering. The "know your customer" campaign at most banks was related to some of the PATRIOT Act requirements imposed post 9/11 (and unlike most of the PATRIOT Act the requirements were relatively reasonable). After 9/11 all banks had to keep records of how you were identified when opening an account (copy of drivers license is sufficient I think, but I've been out of banking for a while).

The other item you leave out is that by Federal Law all bank employees (and I think this even filters down as low as the janitor) are required to have data protection training at least one per year. My bank is the last place I worry about my information getting out through.

And I don't know about the bankers you've met, but most I've met are very enamored with written rules. At the bank I work at, we weren't giving any information out to anyone who didn't have a warrant.