By Orin Kerr March 30, 2017
Most cars manufactured in the past three years come with event data recorders, sometimes known as “black boxes.” These devices are computers that record and store crash data in the event of an accident. Under regulations adopted by the National Highway Traffic Safety Administration, the event data recorders must record 15 data inputs. They include engine rpm, steering, the length and severity of the crash, and the braking during the crash. The data on the devices are intentionally difficult to access. Doing so generally requires specialized equipment that a typical car owner won’t have.
A new Florida state court decision, State v. Worsham, considers an interesting question: How does the Fourth Amendment apply to government efforts to retrieve data from event data recorders? Worsham was in a terrible accident, and his car was impounded. Twelve days later, the police downloaded the data from the event data recorder without obtaining a warrant. Worsham has been charged with drunken driving and vehicular homicide, and the police want to use the data from the event data recorder to show Worsham’s guilt.
The question is: Does the Fourth Amendment allow it?
The Florida court divides 2-1. According to the majority, accessing the data is a search that requires a warrant. Because the police accessed the data without a warrant, the evidence must be suppressed. From the majority opinion:
A car’s black box is analogous to other electronic storage devices for which courts have recognized a reasonable expectation of privacy. Modern technology facilitates the storage of large quantities of information on small, portable devices. The emerging trend is to require a warrant to search these devices. See Riley v. California, 134 S. Ct. 2473 (2014) (requiring warrant to search cell phone seized incident to arrest); Smallwood, 113 So. 3d 724 (requiring warrant to search cell phone in search incident to arrest); State v. K.C., 207 So. 3d 951 (requiring warrant to search an “abandoned” but locked cell phone).
The majority offers several rationales for its decision, but this seems to be the main one:
Extracting and interpreting the information from a car’s black box is not like putting a car on a lift and examining the brakes or tires. Because the recorded data is not exposed to the public, and because the stored data is so difficult to extract and interpret, we hold there is a reasonable expectation of privacy in that information, protected by the Fourth Amendment, which required law enforcement in the absence of exigent circumstances to obtain a warrant before extracting the information from an impounded vehicle.
Although electronic data recorders do not yet store the same quantity of information as a cell phone, nor is it of the same personal nature, the rationale for requiring a warrant to search a cell phone is informative in determining whether a warrant is necessary to search an immobilized vehicle’s data recorder. These recorders document more than what is voluntarily conveyed to the public and the information is inherently different from the tangible “mechanical” parts of a vehicle. Just as cell phones evolved to contain more and more personal information, as the electronic systems in cars have gotten more complex, the data recorders are able to record more information. The difficulty in extracting such information buttresses an expectation of privacy.
The dissent argues that people have no reasonable expectation of privacy in the data stored in event data recorders:
In contrast to a cellular phone, an EDR does not contain “a broad array of private information” such as photos, passwords, and other “sensitive records previously found in the home.” Riley v. California, 134 S. Ct. 2473, 2491 (2014). Significantly, the EDR in the instant case did not contain GPS information relative to the vehicle’s travels, which may be subject to privacy protection. See United States v. Jones, 565 U.S. 400, 415-17 (2012) (Sotomayor, J., concurring) (expressing concern with GPS information which “reflects a wealth of detail about [a person’s] familial, political, professional, religious, and sexual associations”). As noted in the majority opinion, the EDR in this case was only recording speed and braking data, the car’s change in velocity, steering input, yaw rate, angular rate, safety belt status, system voltage, and airbag warning lamp information. Moreover, this data had not been knowingly inputted by Appellee; in fact, it is likely that Appellee did not even know that the vehicle he was driving had an EDR. Therefore, it would be quite a stretch to conclude that Appellee sought to preserve this information as “private.”
More from the dissent:
The data that the government extracted from the vehicle that was owned and driven by Appellee in this case was not information for which Appellee or any other owner/driver had a reasonable expectation of privacy. The data was not personal to Appellee, was not password protected by Appellee, and was not being collected and maintained solely for the benefit of Appellee. The EDR was installed by the vehicle’s manufacturer at the behest of the National Highway Traffic Safety Administration and, as distinct from Jones, the purpose of the data collection is highway and driver safety. See New York v. Class, 475 U.S. 106, 113 (1986) (“[A]utomobiles are justifiably the subject of pervasive regulation by the State [and e]very operator of a motor vehicle must expect the State, in enforcing its regulations, will intrude to some extent upon that operator’s privacy.”).
Here’s my tentative take: This is a pretty tricky question based on current Fourth Amendment caselaw. Applying that caselaw, I would think that accessing the event data recorder was likely a search. On the other hand, it’s not obvious to me that it requires a warrant.
Accessing the data was likely a search because it was accessing a closed container inside the person’s property. That’s a classic kind of Fourth Amendment search. Whether the contents of the container were sensitive or personal, or how hard it was to access the container, doesn’t strike me as relevant here. Because this was an access to a container, revealing information that was hidden from view, what I would call the private facts model doesn’t apply under Arizona v. Hicks.
There’s a counterargument that this shouldn’t be a search under United States v. Knotts, the beeper case. But the event data recorder stores all sorts of data that were not exposed to public observation, so I would tend to think Knotts doesn’t apply. There’s also a counterargument that this is like reaching in to move papers from the VIN on a car that was said to not be a search in New York v. Class. But a VIN is exposed to the public while the data in the black box isn’t, and the statement as to VINs in Class appears to be dicta. On the whole, my tentative sense is that this was a search.
Whether accessing the data should require a warrant is an interesting question. I’m not sure of the answer. This was information in an automobile: Should the automobile exception apply such that the government needs probable cause but no warrant? Perhaps not, on a theory that Riley trumps the automobile exception and the auto exception doesn’t apply to electronic storage devices. See United States v. Camou. Or perhaps so, on the thinking that Riley doesn’t change the automobile exception. Also, there’s a plausible argument that the regulations governing event data recorders “diminish” the expectation of privacy such that no warrant should be required even though accessing them is a search. See Delaware v. Prouse.
These are tricky questions, I think, at least based on current Fourth Amendment caselaw.
Orin Kerr is the Fred C. Stevenson Research Professor at The George Washington University Law School, where he has taught since 2001. He teaches and writes in the area of criminal procedure and computer crime law.