Publication Date



For over 40 years, the Supreme Court has permitted
government investigators to warrantlessly collect
information that citizens disclose to third-party service
providers. That third-party doctrine is under significant
strain in the modern, networked world. Yet scholarly
responses typically fall into unhelpfully extreme camps,
either championing an absolute version of the doctrine
or calling for its abolition. In Carpenter v. United
States, the Court suggested a middle road, holding that
some categories of data—such as digital location
information collected from cell phones—do not neatly
fall into the third-party doctrine’s dichotomy between
unprotected, disclosed information and protected,
undisclosed information. But the majority elucidated
little rationale upon which to draw such nuanced
This Article provides the missing rationale for such
categorization: informational sensitivity. Disclosure to a
third party matters but is not a trump card. Sensitivity
matters too. I thus propose a two-step test to determine if
the government must obtain a warrant before collecting
information from a third party. First, the Court should
analyze the information’s sensitivity, placing it on a
sensitivity continuum rather than a disclosure
dichotomy. The Court can look to related jurisprudence,
and the inherent meaning such information conveys, to
determine placement on that continuum. Second, if the

information is sensitive, the Court should decide
whether the government has collected enough of it to
create an informational mosaic of the citizen. If so, that
collection is a search.
The Court has long held that some data, like medical
records or phone conversations, are too sensitive to be
warrantlessly collected from third parties.
Intermediately sensitive data, like the financial
information in United States v. Miller and the cell site
location information in Carpenter, might be
warrantlessly collected in small amounts, but is too
sensitive for warrantless collection in bulk. The Court
should adjust the third-party doctrine to account for
such sensitive information and craft provisional rules to
protect it. Doing so will enhance both the public’s
security and its regard for the Court.

Included in

Privacy Law Commons