A Schrödinger's Onion Approach to the Problem of Secure Internet Communications


The laws governing privacy in electronic communications have developed as a statutory response to a problem of constitutional magnitude. Congress enacted the Electronic Communications Privacy Act of 1986 (ECPA)(FN1) to extend constitutional norms to emerging contexts. Congress did so after the absence of such statutes caused confusion and uncertainty, obviated post hoc decision-making by the courts, and chilled rights. The age of the Internet has transformed our social conditions respecting the freedoms of speech and privacy, as well as our public needs respecting security. But the ECPA has not been amended to be Internet regarding. Those modifications which have been implemented have been in response to changes in politics and not to changes in technology. Emerging technologies highlight the failures of our present statutory scheme. One such technology, the Tor network, employs onion routing to enable anonymous Internet communication at the socket level. Anonymity as such frustrates the extension of property law into the privacy context. Privacy doctrine derived from the law of real property fills our case- and codebooks and chills our actions by retrofitting previously inconceivable modes of communication into ancient analogies. Further, these technologies themselves have both the power to legislate human activity as well as dictate statutory and constitutional capabilities. Understanding that technology will present us with ever more complex issues, we require new, creative solutions to animate old constitutional principles. Much of the debate has focused on institutional competence to adapt to a changed landscape. I propose that, before we reach the question of institutional competence, we decide some basic presumptions. I advocate a baseline shift in the form of a Schrödinger's Onion approach. In the absence of knowledge, we should presume the object of our inquiry demands the highest protection. U.S. citizens engaged in lawful acts are entitled to heightened protection against their constitutional rights' deprivation by surveillance or disclosure of their electronic communications or records to governmental entities. The reach of those fundamental rights has been limited to statutory protection when information is electronically transmitted to a third party. The review afforded non-citizens engaged in the same transactions is still uncertain. Determining to whom Internet packets and records relate—whether they relate to U.S. citizens and are thus entitled to a high standard of scrutiny for subpoena or they relate to non-citizens and thus could require something less—invites a Schrödinger's Onion approach: without examining the unencrypted packets in full, one must presume they relate at once to both U.S. citizens and non-citizens alike. Reprinted by permission of the publisher.


Technological innovations -- Social aspects, Computers & privacy, Data security, Freedom of speech, Internet security, Right of privacy, Electronic Communications Privacy Act, United States



Joshua A. Altman (Washington University School of Law)



Publication details



All rights reserved

File Checksums (MD5)

  • pdf: 42171e518451087db035ead359efd2c4