EFF Applauds Amazon For Pushing Back on Request for Echo Data
The number of Internet-enabled sensors in homes across the country is steadily increasing. These sensors are collecting personal information about what’s going on inside the home, and they are doing so in a volume and detail never before possible. The law, of course, has not kept up. There are no rules specifically designed for law enforcement access to data collected from in-home personal assistants or other devices that record what’s going on inside the home, even though the home is considered the heart of Fourth Amendment protection. That’s why it’s critical that companies push back on requests via currently existing rules for data collected via these new in-home devices.[1] EFF applauds Amazon for doing just that—pushing back on a law enforcement request for in-home recordings from its Echo device.
The widely-publicized case involves a first-degree murder investigation out of Bentonville, Arkansas. The victim, Victor Collins, was found in November 2015 his friend’s home. The two had been drinking and watching football with a few others at the friend’s home the night before. The friend, James Bates, was charged with first-degree murder. He pled not guilty and is currently awaiting trial.
During a search of the defendant’s home in December 2015, police found an Amazon Echo in the kitchen. The police seemed to think that the device—which is “always listening” to its surrounding for its “wake” words, Alexa, Echo, or Amazon—may have recorded what went on inside the home. They seized the device and later served Amazon with a warrant for any “audio recordings, transcribed records, or other text records related to communications and transactions” between the Echo device and Amazon’s servers for a 48-hour period surrounding the incident, along with subscriber and account information. Amazon turned over the defendant’s subscriber information and purchase history, but it refused to turn over any recordings or transcripts.
The police sought to get the data via another route. A few months later, they got a second warrant—this time to search the devices they had in their possession: the physical Echo device and the defendant’s two cell phones (which, if the defendant used the Alexa app, could have contained Alexa recordings or transcripts). They were able to “extract the data” stored on the Echo device and one of the defendant’s phones, but the second phone was encrypted.
In December 2016, the State of Arkansas informed Amazon that it intended to enforce the original warrant. Amazon filed a motion to quash the warrant on February 17, 2017. Amazon argued that the request for the Alexa recordings and transcripts implicated First Amendment protected speech and that the police therefore needed to make a heightened showing before it could compel Amazon to turn over the information. As Amazon explained, the First Amendment protects not only users’ verbal requests to Alexa, but also Alexa’s responses. Alexa’s responses are protected for two reasons. First, they contain expressive material specifically requested by the user, such as podcasts, books, or music. Second, the responses are also the speech of Amazon, and they are protected the same way that a search engine’s results are protected. (Read: Despite some early reports to the contrary, Amazon never argued that the device itself had constitutional rights.)
Amazon argued that because the police were seeking access to First Amendment protected content, they needed to show a compelling need for the information and establish a sufficient nexus between the information sought and the underlying investigation. The Bentonville police hadn’t done that, so Amazon was right to push back.
A hearing on Amazon’s motion was scheduled for March 8, but it was cancelled after the defendant agreed to release the information to the authorities. With Bates’ consent, Amazon has since turned over the requested recordings to the Bentonville police. We applaud Amazon for sticking up for its user’s rights and pushing back until it had that consent.
[1] Depending on what data is requested, generally applicable data protection laws may apply, but they may not in all cases, especially where the data requested is especially sensitive.
Recent DeepLinks Posts
-
Mar 19, 2017
-
Mar 17, 2017
-
Mar 17, 2017
-
Mar 17, 2017
-
Mar 17, 2017
Deeplinks Topics
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Innovation
- UK Investigatory Powers Bill
- International
- Know Your Rights
- Privacy
- Trade Agreements and Digital Rights
- Security
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anonymity
- Anti-Counterfeiting Trade Agreement
- Artificial Intelligence & Machine Learning
- Biometrics
- Bloggers' Rights
- Border Searches
- Broadcast Flag
- Broadcasting Treaty
- CALEA
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- CyberSLAPP
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA
- DMCA Rulemaking
- Do Not Track
- DRM
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Eyes, Ears & Nodes Podcast
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- FTAA
- Genetic Information Privacy
- Government Hacking and Subversion of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- ICANN
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- OECD
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- Patents
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Printers
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Reclaim Invention
- RFID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Shadow Regulation
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- TRIPS
- Trusted Computing
- Video Games
- Wikileaks
- WIPO
- Transparency
- Uncategorized