Click here for PDF*
Smart meters know when you’re sleeping. They know when you’re awake. They might even know whether you’re in the shower or watching TV. Utility companies are steadily installing these smart meters on consumers’ homes. Unlike traditional energy meters, which show a household’s aggregated electricity use each month, smart meters collect fine-grained, minute-by-minute data about electricity use and transmit it back to the utility at regular intervals. This data, when collected over time and analyzed, can reveal the activities and behavioral patterns of a household. Utility records have long been of interest in law enforcement investigations, and the detailed information contained in smart meter data can provide police with infinitely more insight into people’s homes.
Traditionally, law enforcement would need a warrant to gain access to one’s home. However, smart meters take information about the activities that occur inside the home and put it in the hands of a third party—the utility company. Under the Third-Party Doctrine, that information loses Fourth Amendment protection and becomes subject to warrantless collection. This counter-intuitive result is produced by a line of Fourth Amendment cases that have conceptualized privacy as binary: personal information is either private or has been shared with a third party for any reason, making it public.
Since the adoption of the “reasonable expectation of privacy” test in Katz v. United States, courts have relied on public/private dichotomies as substitutes for genuine inquiries into society’s expectations of privacy. The Third-Party Doctrine epitomizes this binary approach, holding that information disclosed to a third party under any circumstances is public. The doctrine has been invoked to remove Fourth Amendment protection from financial records, phone records, cell site location data, email records, and Internet browsing data. Much of our personal information—whom we call or email, what we buy, what we read, where we travel—is contained in electronic records, and many of these records are stored on third-party servers. By removing constitutional privacy protections from this vast swath of data, the Third-Party Doctrine has swallowed the Fourth Amendment. Scholars have argued that the Third-Party Doctrine’s blunt approach does not fit the reality of digital data. Some scholars have advanced a “contextual approach” to Fourth Amendment privacy—one that looks to social norms to determine whether a particular disclosure is “expected” under the circumstances.
With its recent decision in Riley v. California, the Supreme Court has taken an encouraging step toward a more contextual approach to digital privacy. In Riley, a unanimous Court refused to extend the search-incident-to-arrest warrant exception to the contents of an arrestee’s cell phone. Although Riley did not deal directly with the Third-Party Doctrine, it weakened the doctrine’s assumptions in at least two ways. First, the Riley Court acknowledged that digital data, stored and aggregated in large quantities, can reveal a detailed picture of an individual’s private life, imbuing each individual piece of data with an informational value that it might not have had standing alone. In fact, the Court compared the contents of a cell phone to the contents of one’s home. Second, and more importantly, the Court rejected the assumption that expectations of privacy are binary when it held that an arrestee could forfeit Fourth Amendment protection in a cigarette pack but not a cell phone, even if both were stored in his pocket.
In the Court’s view, the mere fact that we can now carry vast amounts of personal information in our pockets does not mean we do not expect some privacy in that data. Third-Party Doctrine critics argue that the same is true of information held by third parties—it subverts society’s expectations to hold that information stored on a hard drive is private while information stored in the cloud is public. This Recent Development argues that when this more contextual approach is applied to the warrantless collection of smart meter data—information about activities that occur inside the home but collected by a third-party provider—the Third-Party Doctrine becomes irreconcilable with the Fourth Amendment principles articulated in Riley.
This Recent Development proceeds in three parts. Part I discusses the development of the Fourth Amendment expectation of privacy doctrine, focusing on how the doctrine has evolved in the face of technology. Part II discusses two categories of Fourth Amendment interpretation: one that treats information privacy as a binary public/private concept and another that treats expectations of privacy as contextual. Part II argues that Riley’s approach to digital privacy falls toward the latter category by subverting expectations and attempts to put privacy back in context by grappling with the realities of how we interact with technology and the expectations we have for those interactions. Part II also notes that lower courts discussing Riley have suggested that the Supreme Court might overturn the Third-Party Doctrine if confronted with a set of facts that was Riley-esque but where police obtained the data from a third party instead of directly from an individual. Part III argues that those facts can be found in the case of smart meters. By putting highly personal information—one’s activities inside the home—in the hands of a third party, the smart grid models the perverse effects of the Third-Party Doctrine in the digital age.
The binary approaches to the Fourth Amendment are dichotomies that courts draw, essentially creating shortcuts to determine whether a constitutionally protected privacy interest exists. The first such dichotomy was whether the government had invaded a “constitutionally protected area.” Before the Court introduced the “reasonable expectation of privacy” test in Katz v. United States, the Fourth Amendment only applied to the “protected areas” enumerated in the Fourth Amendment: “Persons [e.g., bodies], houses, papers, and effects [e.g., cars].” Searches typically required police to physically enter a person’s home. In Olmstead v. United States and Goldman v. United States, the Court found that tapping or otherwise eavesdropping on a person’s phone call was not a Fourth Amendment search because it did not require penetration of the four walls of the home or office. These early cases reflected the narrow view that the ability to obtain information without entering into a “protected area” excluded that information from Fourth Amendment protection. For Fourth Amendment purposes, information was either obtainable only in a protected area and therefore private, or the information was public.
In 1967, the Supreme Court redefined the contours of the Fourth Amendment when it decided Katz. The Court held that FBI agents had conducted an unconstitutional warrantless search when they attached an electronic recording device to the exterior of a public phone booth and recorded Katz’s conversations. Rejecting the appeals court’s reasoning that there was no search because the device did not penetrate the wall of the phone booth, Justice Potter Stewart declared that “the Fourth Amendment protects people, not places. . . . [W]hat [a person] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.” The Katz Court still seemed to demand some level of secrecy, but it rejected the idea that “constitutionally protected areas” could provide a “talismanic solution” to Fourth Amendment questions.
When the Supreme Court introduced the “expectation of privacy” doctrine in Katz, it indicated that, to some extent, privacy would turn on social norms. A phone booth might be more exposed than one’s home, and a phone booth user may even know that his call could be intercepted, but the Court acknowledged a societal expectation that the content of one’s conversation would not flow beyond the parties to the conversation. However, even as it introduced this new doctrine, Katz maintained a binary conceptualization of privacy that relied on the secrecy of information. This secrecy model has become increasingly problematic in the digital age. As new technology has made it easier for law enforcement to collect formerly obscured information, courts have envisioned privacy as a “discrete commodity” that is wholly lost once information is exposed. In United States v. Knotts, the Court held that it was not a “search” to place a beeper in a suspect’s car and monitor his location using the signal, finding that “[a] person traveling in an automobile on public thoroughfares has no reasonable expectation of privacy in his movements from one place to another.” Instead of evaluating whether society would expect a person’s every move to be followed, the Court focused on the fact that the movements occurred in public and were therefore vulnerable to collection. By limiting Fourth Amendment protection to secret information, the Court has traded one binary for another.
The Third-Party Doctrine is an extreme expression of this binary approach. The doctrine usually arises when law enforcement obtains information without a warrant and uses it as evidence in a criminal prosecution or to obtain a warrant. Under the doctrine, if information is exposed to any third party for any reason, it is no longer private and can be obtained without a warrant. The doctrine first arose in United States v. Miller, but its widespread adoption resulted from lower-court interpretations of Smith v Maryland. In that case, the Court held that no search occurred when law enforcement used a pen register device to obtain from the telephone company a record of the numbers dialed by an individual. Justice Blackburn, writing for the Court, found that Smith had no reasonable expectation of privacy in the phone numbers he dialed, since telephone users “typically know that they must convey numerical information to the company” for “legitimate business purposes.” The Court in 1979 could not have foreseen its impact on privacy in the digital age, but the doctrine endures nonetheless.
Now that most of our data is stored on third-party servers, the Third-Party Doctrine has effectively removed vast amounts of digital data—much of which includes personal information—from Fourth Amendment protection. Information deemed open to warrantless collection includes location data transmitted through cell phone signals, IP addresses and other information provided to an Internet Service Provider, and even files downloaded using peer-to-peer file sharing software. As Part III will discuss, multiple federal courts have found energy usage data to be subject to warrantless collection from utility companies. In many ways, the Third-Party Doctrine represents a return to outmoded ideas that the Fourth Amendment only protects certain inherently private spaces. If the doctrine were taken to its logical extreme, data stored on one’s phone would be protected while the same data stored on a cloud server would be unprotected. The doctrine betrays Katz by making this first-party/third-party dichotomy a “talismanic solution” to Fourth Amendment questions.
Despite this persistent trend, the Court has occasionally recognized the contextual nature of privacy, acknowledging that information can be vulnerable to collection without losing its protection wholesale. The contextual approach to privacy was first introduced by Helen Nissenbaum as the “contextual integrity” theory of privacy, which has since been adapted as a Fourth Amendment model by other scholars. According to Nissenbaum, privacy requires “respect for the appropriate flow of information about identifiable persons within particular social contexts.” Different contexts, such as healthcare, home life, and finance, are governed by different information norms. These norms are determined based on the particular “actors” (the subjects, receivers, and senders of information), informational “attributes” (the type of record, e.g., a medical record), and “transmission principles” at play (e.g., whether the record was disclosed for a specific reason or use or whether there was a confidential relationship between the parties). Privacy is violated when these norms are broken.
In United States v. Jones, the Court acknowledged that information once viewed as “public”—individuals’ movements from place to place on public thoroughfares—might implicate privacy interests when collected over a long period of time. However, the Jones majority resorted to the binary “trespass” theory of the Fourth Amendment to ultimately decide the case. In Kyllo v. United States, the Court refused to apply such a “mechanical interpretation of the Fourth Amendment” as to find that the use of thermal imaging was not a search because it only detected heat radiating from a home’s external surface. Instead, the Court found the use of technology to obtain information about the interior of the home analogous to physically intruding into the home. Unfortunately, Kyllo also stopped short of a truly contextual approach to privacy. Justice Scalia’s majority opinion emphasized the use of technology “not in general public use” to obtain information “regarding the interior of the home” not otherwise obtainable without physical intrusion. Kyllo thus left unanswered the question of whether a technology in general use, such as a smart meter, could reveal personal information in a context that is contrary to society’s expectations. As Part II will discuss, Riley went a step further toward contextualizing privacy.
In Riley, the Supreme Court considered whether cell phone data fell under the search-incident-to-lawful-arrest warrant exception, which allows officers to search an arrestee’s person, including items found in his pockets, such as a cigarette pack. A unanimous Court found that a warrant was required to search a cell phone because “digital information on a cell phone . . . implicates substantially greater individual privacy interests than a brief physical search.” Chief Justice Roberts, writing for the Court, compared a cell phone to a person’s house in its capacity to hold different types of data in large quantities and reveal “[t]he sum of an individual’s private life.” Moreover, the Court did not find that the search was justified based on the “arrestee’s reduced privacy interests upon being taken into police custody.” The Court found the search to be more than a “minor additional intrusion” into the arrestee’s privacy. Roberts wrote that “[t]he fact that an arrestee has diminished privacy interests does not mean that the Fourth Amendment falls out of the picture entirely.” The Court declined to categorically subject to unwarranted search all of an arrestee’s information simply because he could carry it in a device in his pocket. Thus, the Riley Court rejected a binary application of the Fourth Amendment and acknowledged that the nature of digital data and the context of disclosure bear on society’s expectations of privacy.
The privacy interests in Riley turned on the ability of digital data, when stored in large quantities, to reconstruct a person’s life. Chief Justice Roberts’s opinion focused on the “quantitative” and “qualitative” differences between digital data stored on a cell phone and physical objects such as a cigarette pack. Roberts wrote that cell phones combine “immense storage capacity” with “the ability to store many different types of information,” resulting in data “that reveal much more in combination than any isolated record,” and allowing “even just one type of information to convey far more than previously possible.” Citing Justice Sotomayor’s concurrence in United States v. Jones, the Chief Justice concluded that “[t]he sum of an individual’s private life,” including his “specific movements down to the minute, not only around town but also within a particular building,” could be reconstructed through the data found on a smart phone. When large quantities of data are stored in one place, each individual piece of data—perhaps meaningless on its own—becomes more informative by relation to the other data. Riley is the first majority Supreme Court opinion to recognize this mosaic-like effect of cell phone data and its privacy implications.
The Riley Court’s approach to expectations of privacy was more contextual than binary. The Court refused to view all information found on an arrestee’s person as subject to disclosure because of its proximity to the arrestee and because of the arrest itself. Instead, the Court looked at the context of the disclosure and the nature of the information to determine that an arrestee maintained a privacy interest in this immense trove of personal information. Viewed through the lens of Nissenbaum’s theory, the inquiry in Riley was sensitive to the change in informational attributes between a cigarette pack, which is limited in its ability to contain information, and a cell phone, which has limitless informational value. The Court understood that this difference affected the social norms governing the disclosure of information in each case. While we might expect the physically tangible items we carry in our pockets to be searched and even seized if we are taken into police custody, we do not expect all of the contents of our cell phones—contacts, text messages, emails, documents, pictures—to be disclosed just because we can also carry that data around in our pockets.
Despite the fact that Riley explicitly did not overturn the Third-Party Doctrine, at least one lower court has noted its potential impact on future digital privacy cases that do implicate third parties. In United States v. Guerrero, the Fifth Circuit upheld the warrantless collection of historical cell site location information (“CSLI”) based on the fact that the government obtained the information from a third party. While nothing in Riley would allow the Fifth Circuit to ignore the Third-Party Doctrine precedent, the court suggested that perhaps
the ‘technology is different’ rationale that led the Riley Court to treat an arrestee’s cell phone differently from his wallet will one day lead the Court to treat historical cell site data in the possession of a cellphone provider differently from a pen register in the possession of a pay phone operator.
The court added that “commentators have debated the effect Riley may have if a ‘third party’ case involving modern technology were to end up at the Court.” The next part of this Recent Development argues that a challenge to law enforcement collection of smart meter data could be just such a case.
The current application of the Fourth Amendment to utility data ignores the possibility that society might expect the data to be disclosed in certain contexts and not in others. Since utility data is created specifically to be collected by a utility company and can only be collected from a third party, all data generated about a household’s use of electricity, regardless of its ability to reveal personal information, falls outside of the Fourth Amendment. Utility data concerns information from inside one’s home, the core of Fourth Amendment protection. Smart meter data ups the ante by providing infinitely more information about the lifestyles and behaviors of a household’s inhabitants. This is a paradigmatic example of how the Third-Party Doctrine subverts society’s expectations of privacy by classifying information as either wholly private (if secret) or wholly public (if disclosed).
This Part provides background information on smart meters and the smart grid and discusses the privacy problems associated with smart meters. It then discusses the case law, which reveals that the Third-Party Doctrine has removed Fourth Amendment protection from utility data, including smart meter data. This Part concludes with an argument that a contextual approach to Fourth Amendment expectations of privacy would protect smart meter data from flowing beyond utility companies but for the inharmonious Third-Party Doctrine. Thus, the Supreme Court should follow the trajectory it started with Riley and overturn the Third-Party Doctrine.
The Energy Independence and Security Act of 2007, Title XIII, established a national policy to modernize electricity transmission and distribution. Part of the policy involves implementing new technologies to increase the amount and flow of information about energy use between consumers and utilities. Taken together, these technologies make up the “smart grid.” As part of this effort to modernize the grid, utility companies increasingly are installing smart meters on consumers’ homes. In 2011, the U.S. Energy Information Administration reported that more than thirty-three million U.S. utility customers had smart meters. Three million additional smart meters were installed between January and August 2012, and the agency estimated that the number of customers with smart meters would exceed eighty million by 2015.
In many places, smart meter adoption is all but compulsory. Utility companies typically inform the consumer that a smart meter will be installed and then send an employee to install the meter. In 2012, responding to consumer complaints, the California Public Utilities Commission required Pacific Gas and Electric Company to provide consumers in California the option to opt out of smart meter installation. Some other states have opt-out processes, some of which involve charging an opt-out fee. Other states do not provide information or instructions to consumers for opting out.
Smart meters constantly collect fine-grained data on a household’s electricity use and transmit the data to the utility companies as frequently as every fifteen minutes. They generate up to 3,000 data points per month per household. The meters are touted as a tool to help consumers save energy and money by keeping track of their energy use patterns over time.
These detailed records of electricity usage can reveal when a person goes to bed every night and wakes up every morning, how many people live in a household, when people are at home and out of town, and even what specific appliance is being used at a given time. Over time, these data can reconstruct a detailed picture of people’s behavior and private lives. A Privacy Impact Assessment conducted by the National Institute of Standards and Technology (“NIST”) concluded that the data collected by smart meters raise privacy concerns because they can reveal consumers’ lifestyle information and information about the use of specific appliances. New smart appliances come with unique “load signatures,” which can be identified through the analysis of smart meter data. By recording these load signatures, smart meters can reveal when and for how long a particular appliance was used. This information can provide insight into personal health information such as eating and exercise habits. In a 2012 study in Germany, researchers were able to analyze smart meter data to determine what television programs a household was watching. Thus, smart meter data implicates not only energy usage but also behavioral information and potentially even media consumption and communication records.
As new localities continue to introduce smart meters, the data they collect remains largely unprotected. In its Privacy Impact Assessment, the NIST found a “lack of privacy laws or policies directly applicable to the smart grid.” Only a few states have passed laws limiting disclosure of utility data, and no federal law directly addresses this type of information. This treasure trove of information about people’s behavior will attract public and private entities alike that want to mine the data for commercial or surveillance purposes. Insurance companies, for example, might want to monitor the activities of households that are covered by their policies. Companies that sell smart appliances may want to monitor the use of those appliances for warranty purposes. Some advertisers have already expressed their intent to use this data. WPP, the world’s biggest advertising agency, announced that it was teaming up with a London-based software company to study ways to collect smart meter data, saying that it would “open the door of the home.” And law enforcement, the focus of this Recent Development, may be interested in collecting smart meter data as part of criminal investigations. Like the cell phone at issue in Riley, smart meters can store and transmit, in large quantities, different types of personal information. However, because of the infrastructural design of smart meter technology, law enforcement officers can and do collect this data not from individuals directly but from third-party service providers.
Law enforcement historically has used energy use records in criminal investigations, usually involving marijuana-growing operations. In the years since Smith v. Maryland was decided, courts have relied on the Third-Party Doctrine to hold that no warrant is needed for the collection of these records from utility companies. Most of these cases have involved traditional utility records, which show aggregated measures of energy use.
In United States v. Golden Valley Electric Association, the Ninth Circuit held that consumers lacked a reasonable expectation of privacy in energy consumption records because they had “no possessory or ownership interest” in the records held by a utility company. In Golden Valley, the Drug Enforcement Administration (“DEA”) served an administrative subpoena on Golden Valley, an electricity cooperative, to provide energy consumption records pertaining to three customer addresses. Golden Valley, which had a company policy of protecting the confidentiality of members’ records, challenged the subpoena on Fourth Amendment grounds. Although the administrative subpoena was subject to relaxed Fourth Amendment standards, the Ninth Circuit addressed the consumers’ privacy interest in utility records. Relying on United States v. Miller, which involved the collection of bank records, the Court held that “[a] customer ordinarily lacks ‘a reasonable expectation of privacy in an item,’ like a business record, ‘in which he has no possessory or ownership interest.’ ” The court further concluded that the energy usage records were not “inherently personal or private.” Thus, instead of inquiring into society’s expectations regarding the disclosures, the Ninth Circuit conceived of utility records as “inherently” not private, based on the fact that they were held by a third party and thus out of the consumers’ physical control. It ignored the confidential relationship between the utility company and its customers and the effect of that relationship on the social norms governing the flow of information.
In Idaho v. Kluss, the Court of Appeals of Idaho adopted Smith v. Maryland’s binary “voluntary disclosure” approach to privacy. In Kluss, an Idaho Bureau of Narcotics officer obtained defendant Kluss’s power consumption information without a warrant from a utility company in order to determine whether Kluss was using special marijuana “grow lights.” The officer was able to compare Kluss’s consumption to that of the previous residents to determine that Kluss’s consumption was high. The officer used this information to obtain a subpoena for the written utility records and a warrant to search Kluss’s home. Kluss was ultimately convicted of growing and possessing marijuana. The court held that, under Smith v. Maryland, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties,” and thus the Fourth Amendment does not protect utility records. This “voluntary disclosure” approach ignores the context of disclosure and its effect on expectations of privacy. It treats any disclosure to any party for any reason as a voluntary ceding of all privacy protection.
In United States v. McIntyre, the Eighth Circuit acknowledged that utility records can reveal normally protected information about the inside of a person’s house but still declined to protect that information when law enforcement collected it from a third party. In McIntyre, Nebraska State Patrol investigator Jason Sears obtained defendant McIntyre’s electricity usage records using an administrative subpoena. Sears discovered a spike in McIntyre’s electricity usage for November 2008, which later turned out to be inaccurate, and cited that spike in an affidavit to obtain a warrant for thermal imaging to detect a marijuana growing operation. McIntyre argued that investigators should have obtained a warrant because his utility records “contained intimate details about the interior of his home.” The Eighth Circuit reaffirmed that there was no expectation of privacy in information revealed to a third party, “even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” The language of McIntyre is telling. It reveals the Third-Party Doctrine’s interpretation of the Fourth Amendment as completely divorced from social norms and expectations of confidentiality.
McIntyre argued that “power records are different” because they reveal information about the interior of one’s home. He relied on Kyllo, arguing that the information obtained was indistinguishable from that in Kyllo. The court rejected McIntyre’s argument because “the manner in which the information was obtained in Kyllo” bore “no resemblance to obtaining power data from a third party.” Thus, while McIntyre and Kyllo both concerned information about the interior of the home, Kyllo did not apply because the officers in McIntyre could obtain the information from a third party without using “sense-enhancing technology.” This interpretation of the Fourth Amendment resembles the outmoded “constitutionally protected areas” doctrine. The court used arbitrary digital boundaries to define expectations of privacy rather than conducting a normative inquiry into society’s expectations.
In 2013, the Northern District of Illinois applied the Third-Party Doctrine to smart meter data in Naperville Smart Meter Awareness v. City of Naperville. Naperville Smart Meter Awareness (“NSMA”), a coalition of Naperville, Illinois residents who were required to have smart meters installed at their homes or businesses, sought to enjoin Naperville from installing the smart meters until reasonable privacy safeguards were in place and a satisfactory alternative option for all customers was available. The court extended Smith v. Maryland, finding that the residents consented to having their information monitored by transmitting it to the utility company. Naperville did not involve the collection of information from a third party—the objected-to collection was by the third party itself. By extending the Third-Party Doctrine in this case, the court equated plaintiffs’ knowledge of the data collection with consent, even though the plaintiffs were suing in objection to the collection itself. This rationale is an example of a “well-known logical trap” in which the knowledge of data collection is equated with the inability to expect privacy in the data. The knowledge-as-consent rationale is particularly counterintuitive in the case of utility meters, which are necessary fixtures for most people who use electricity.
The cases applying the Third-Party Doctrine to utility data take a binary approach to information privacy. Even though customers disclose their data only to the utility company for the limited purpose of billing, this limited disclosure exempts the information from Fourth Amendment protection. Reasonable assumptions about confidentiality between the consumer and the utility company do not bear on the courts’ inquiry into whether a reasonable expectation of privacy exists. This approach is contrary to that in Riley, which recognized that the specific context of a disclosure—not the storage method or vulnerability of the data to collection—determines whether society expects privacy.
This Recent Development has argued that Riley adopted a much-needed contextual approach to digital privacy by (a) acknowledging that digital data, stored and aggregated in large quantities, can reveal a detailed picture of an individual’s private life, imbuing each individual piece of data with an informational value that it might not have had standing alone, and (b) refusing to equate the vulnerability of information with a loss of privacy interests. Applying the same principles to smart meter data would support its protection under the Fourth Amendment.
The type of information that can be learned from collecting and analyzing smart meter data lies at the core of Fourth Amendment protection. Smart meters implicate privacy by aggregating hundreds of thousands of data points that together reconstruct the behavioral patterns of a household. Law enforcement already uses traditional utility data to learn information from inside the home, and smart meters would only increase the amount, types, quality, and accuracy of information available to law enforcement. Information inside the home is the paradigmatic example of the Fourth Amendment-protected sphere. In Katz, the Court abandoned the “constitutionally protected areas” that limited warrant requirements to physical intrusions into the home. In Kyllo, it confirmed that the use of an electronic device to obtain such information was a Fourth Amendment search. In Riley, the Court found that the search of a cell phone, with its large capacity to store many different types of data, was similar to searching one’s home. Like a cell phone, smart meters are designed to collect vast amounts of digital data from inside the home—data that is even more revealing than that obtained by the heat sensors used in Kyllo. Smart meters combine the newer digital mosaic concerns raised in Riley with the time-tested privacy of the home as enshrined in the Fourth Amendment’s history. Through smart meters, information once protected by physical boundaries now flows electronically and is aggregated in a way that it could not have been before this technology existed. The question of smart meter privacy thus demonstrates the need for Fourth Amendment standards to adapt to protect traditional privacy concerns in the digital age.
Under the Third-Party Doctrine, the type of information collected by smart meters would be protected if obtained without a warrant directly from a person’s home, but not from a third-party utility company. This binary public/private conception of the Fourth Amendment is a regression to the “constitutionally protected areas” doctrine abandoned in Katz—that is, the idea that information is private only if stored in a protected, “private” place. A contextual approach to privacy, like the one adopted in Riley, requires asking not whether the information was obtained from a protected area or whether it was “inherently” private, but whether society would expect the information to have the potential to be exposed in a particular context. It requires asking whether, upon having a meter installed that automatically relays energy usage data to a utility company for billing purposes, a person expects that the data can be shared with law enforcement and other agencies without additional consent or a warrant.
Under a contextual lens, the role of the home as a social institution is one of solitude and seclusion. Thus, warrantless collection of information from inside the home typically violates social norms. Other evidence provides additional insight into the social norms that govern the transmission of smart meter data. Smart meter data is transmitted to the utility company for billing purposes and to help both the utility and the household manage electricity use. Evidence from the case law surrounding smart meters suggests that customers may, at least implicitly, expect a utility company to maintain confidentiality in energy usage data. California’s reporting requirements and the response to recent reports of disclosures suggest that the disclosure of an individual’s smart meter data to a third party without express consent violates social norms. Thus, social norms in the context of smart meter data would prohibit the data from flowing beyond the utility company.
While the Third-Party Doctrine is couched in the language of “reasonable expectations,” it never actually examines them. Instead, it equates the “voluntary” disclosure of data to a third party for a specific business purpose with consent to disclose the same data to law enforcement. If the information flows to any third party for any reason, all privacy is forfeited. This approach resembles the outmoded “constitutionally protected areas” doctrine in its reliance on binary distinctions. However, even the “constitutionally protected areas” approach placed paramount importance on the privacy of the home, a concept that has endured throughout the history of Fourth Amendment jurisprudence. Privacy scholar Andrew Selbst argued that the privacy of the home is an area that “would generate a consensus between” traditional Fourth Amendment analysis and a contextual approach to privacy. Under current law, “courts have said that the ‘home’ is such a quintessentially private place that physical intrusion even by a ‘fraction of an inch’ is too much.” Under Selbst’s contextual analysis, “the home is a specific social context . . . subject to the transmission principle of control by the resident.” Allowing unwarranted intrusion in this context “would destroy the home as a social institution, generally seen as the one place it is always safe to retreat.” Applying the Third-Party Doctrine to smart meter data, as Selbst warns, would erode the integrity of the home by exposing the activities and behavioral patterns of its residents. In the case of smart meters, the Third-Party Doctrine is thus incongruous not only with a contextual approach to privacy but also with longstanding Fourth Amendment values.
This Recent Development has argued that Riley’s approach to digital data, although it did not address the Third-Party Doctrine, will inevitably lead to the doctrine’s undoing. In Riley, the Supreme Court acknowledged that old ideas about expectations of privacy do not hold up when law enforcement collects digital data. Because an arrestee’s pocket, which was once fair game for container searches, can now hold information in digital form about every aspect of the arrestee’s life, the context of that pocket and the social norms surrounding it have changed. Because Third-Party Doctrine’s binary approach to digital privacy does not accommodate such changing circumstances and norms, it will produce results that are contrary to basic reason and Fourth Amendment values, such as protecting data that is saved to a hard drive but not protecting the same data saved to a cloud storage account. This incongruity is perhaps most apparent in the context of smart meters, where, under the Third-Party Doctrine, the Fourth Amendment fails to protect the home—the original impetus for the right to privacy.
Natasha H. Duarte**
. Smart meters, also referred to as Advanced Metering Infrastructure (“AMI”), are electronic utility meters that enable two-way communication between utilities and consumers. See Recovery Act Smart Grid Programs, U.S. Dep’t of Energy, Advanced Metering Infrastructure and Customer Systems, Smartgrid.gov, https://www.smartgrid.gov /recovery_act/deployment_status/ami_and_customer_systems (last visited Apr. 10, 2015). These meters “collect highly granular data on individual electricity consumption and allow users to monitor and remotely control their electrical use . . . .” Sonia K. McNeil, Privacy and the Modern Grid, 25 Harv. J.L. & Tech. 199, 200 (2011).
. See 2 Nat’l Inst. of Standards & Tech., Guidelines for Smart Grid Cybersecurity 27 (2010) [hereinafter NIST], available at http://nvlpubs.nist.gov/ nistpubs/ir/2014/NIST.IR.7628r1.pdf (concluding that, when analyzed, smart meter data can reveal information about people’s lifestyles and appliance use); Jordan Robertson, Your Outlet Knows: How Smart Meters Reveal Behavior at Home, What We Watch on TV, Bloomberg (June 10, 2014), http://www.bloomberg.com/news/2014-06-10/your-outlet-knows-how-smart-meters-can-reveal-behavior-at-home-what-we-watch-on-tv.html (reporting on a German study where researchers were able to ascertain the specific television programs people were watching based on data collected by smart meters).
. See, e.g., Energy Info. Admin., U.S. Dep’t of Energy, U.S. Smart Grid Case Studies 1 (2011), available at https://www.smartgrid.gov/sites/default/files/doc/ files/smartggrid%5B1%5D.pdf (“A recent report . . . predicts that U.S. smart meter installations will exceed 80 million by 2015, up from 2 million in 2007.”). But see Smart Electric Meters, Advanced Metering Infrastructure, and Meter Communications: Global Market Analysis and Forecasts 2014, Navigant Res., http://www.navigantresearch.com/ research/smart-meters (last visited Apr. 10, 2015) (“The smart electric meter market has shifted emphasis to projects in Europe and Asia Pacific while the once hot U.S. market has leveled off, as federal funding for projects has been nearly exhausted.”).
. Brandon J. Murrill et al., Cong. Research Serv., R42338, Smart Meter Data: Privacy and Cybersecurity 5 (2012), available at http://fas.org/sgp/crs/ misc/R42338.pdf (“In the past, law enforcement agents have examined monthly electricity usage data from traditional meters in investigations of people they suspected of illegally growing marijuana.”). For legal background on law enforcement’s use of utility records, see generally United States v. Golden Valley Elec. Ass’n, 689 F.3d 1108 (9th Cir. 2012); United States v. McIntyre, 646 F.3d 1107 (8th Cir. 2011); Idaho v. Kluss, 867 P.2d 247 (Idaho Ct. App. 1993); New Jersey v. Domicz, 871 A.2d 744 (N.J. Super. 2005).
. Murrill et al., supra note 6, at 1 (“As we progress into the 21st century, access to personal data, including information generated from smart meters, is a new frontier for police investigations.”); Joint Comments of the Center for Democracy & Technology and the Electronic Frontier Foundation on Proposed Policies and Findings Pertaining to the Smart Grid 4, Order Instituting Rulemaking to Consider Smart Grid Tech., RM 08-12-009 (Pub. Util. Comm’n of the State of Cal. Dec. 18, 2008), available at https://www.eff.org/ files/cdteffjointcomment030910.pdf [hereinafter CDT & EFF Joint Comments].
. Kyllo v. United States, 533 U.S. 27, 31 (2001) (“The Fourth Amendment provides that ‘the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.’ . . . With few exceptions, the question [of] whether a warrantless search of a home is reasonable and hence constitutional must be answered no.” (alteration in original)).
. See McIntyre, 646 F.3d at 1111–12 (applying Smith v. Maryland, 442 U.S. 735 (1979), in which the Court found no expectation of privacy in phone records “voluntarily conveyed” to a telephone company, and holding that the same was true of utility records “voluntarily conveyed” to a utility company). For an explanation of the Third-Party Doctrine, see infra text accompanying notes 53–64.
. See Smith v. Maryland, 442 U.S. 735, 749 (1979). (Marshall, J., dissenting) (criticizing the Court for treating privacy as a “discrete commodity, possessed absolutely or not at all”); Sherry F. Colb, What Is a Search? Two Conceptual Flaws in Fourth Amendment Doctrine and Some Hints of a Remedy, 55 Stan. L. Rev. 119, 122 (2002) (arguing that courts, in “treating exposure to a limited audience as identical to exposure to the world,” have failed “to recognize degrees of privacy in the Fourth Amendment context”); Helen Nissenbaum, Privacy As Contextual Integrity, 79 Wash. L. Rev. 119, 136–37 (2004) (arguing that current legal approaches express “a right to privacy in terms of dichotomies—sensitive and non-sensitive, private and public, government and private . . . . That which falls within any one of the appropriate halves warrants privacy consideration; for the rest, anything goes”). Daniel Solove has referred to this concept as “privacy as secrecy”—if information is no longer totally secret, it is public. Daniel Solove, Conceptualizing Privacy, 90 Calif. L. Rev. 1087, 1107 (2002) (“In a variety of legal contexts, the view of privacy as secrecy often leads to the conclusion that once a fact is divulged in public, no matter how limited or narrow the disclosure, it can no longer remain private.”).
. See Helen Nissenbaum, Privacy in Context: Technology, Policy, and the Integrity of Social Life 113–14 (2010); Daniel J. Solove, The Future OF Reputation: Gossip, Rumor, and Privacy on the Internet 7 (2007); Danielle Keats Citron, Fulfilling Government 2.0’s Promise with Robust Privacy Protections, 78 Geo. Wash. L. Rev. 822, 826–27 (2010) (citing Alan Freeman & Elizabeth Mensch, The Public-Private Distinction in American Law and Life, 36 Buff. L. Rev. 237, 247–50 (1987)); Andrew D. Selbst, Contextual Expectations of Privacy, 35 Cardozo L. Rev. 643, 657–59 (2013); Shaun B. Spencer, The Surveillance Society and the Third-Party Privacy Problem, 65 S.C. L. Rev. 373, 377–80 (2013).
. See generally United States. v. Guerrero, 768 F.3d 351 (5th Cir. 2014) (holding government’s violation of the Stored Communications Act did not require suppression of defendant’s historical cell cite location data); In re U.S. for Historical Cell Site Data, 724 F.3d 600 (5th Cir. 2013) (holding that the Fourth Amendment probable cause standard is not applicable to historical cell site information); In re Application of U.S.A. for an Order Pursuant to 18 U.S.C. §§ 2703(c) and 2703(d) Directing AT&T, Sprint/Nextel, T-Mobile, Metro PCS and Verizon Wireless to Disclose Cell Tower Log Information, No. M-30, 2014 WL 4388397 (S.D.N.Y. May 30, 2014) (holding the Fourth Amendment did not preclude the government from requiring providers to disclose historical cell site data); United States v. Caraballo, 963 F. Supp. 2d 341 (D. Vt. 2013) (holding that defendant had no reasonable expectation of privacy in his real time cell phone location information); United States v. Graham, 846 F. Supp. 2d 384 (D. Md. 2012) (finding that defendants did not have a legitimate expectation of privacy in historical cell site location records); United States v. Gordon, No. 09-153-02 (RMV), 2012 WL 8499876 (D.D.C. Feb. 6, 2012) (finding that no reasonable expectation of privacy exists for cell site location data shared with third parties).
. See Spencer, supra note 13, at 390–91 (“[T]he Internet service providers on whom we rely for essential connectivity record the websites we visit, the files we download, and the people whom we email or message. Everyday transactions, both online and in real space, convey a plethora of data to third parties.”).
. See, e.g., id. at 376 (describing the ways in which “the binary conception of privacy cannot address the third-party privacy problem in the emerging surveillance society”); Solove, supra note 11, at 1151–52 (“The Court’s jurisprudence in these [Third-Party Doctrine] cases conceptualizes privacy as a form of total secrecy; however, this conception is ill-suited for the circumstances involved in these cases. . . . Life in the modern Information Age often involves exchanging information with third parties . . . . Thus, clinging to the notion of privacy as total secrecy would mean the practical extinction of privacy in today’s world.”).
. See id. at 2488 (“The fact that an arrestee has diminished privacy interests does not mean that the Fourth Amendment falls out of the picture entirely . . . . The United States asserts that a search of all data stored on a cell phone is ‘materially indistinguishable’ from searches of [physical items such as cigarette packs]. . . . That is like saying a ride on horseback is materially indistinguishable from a flight to the moon.”).
. See, e.g., Colb, supra note 11, at 155 (“The Court, however, makes the mistake of treating situations in which only a limited exposure has occurred as though there had been this kind of total, irreparable exposure. . . . The idea is flawed because it ignores norms about keeping confidences. . . . We do not expect, nor should we expect, that the strangers with whom we deal will broadcast our secrets generally.”).
. See Berger v. New York, 388 U.S. 41, 57, 59 (1967) (“It is true that this Court has occasionally described its conclusions in terms of ‘constitutionally protected areas’ . . . but we have never suggested that this concept can serve as a talismanic solution to every Fourth Amendment problem.”); Katz v. United States, 389 U.S. 347, 351 n.9 (1967) (citing Silverman v. United States, 365 U.S. 505, 512 (1961)); Lopez v. United States, 373 U.S. 427, 438 (1963).
. Katz, 389 U.S. at 352–53 (“It is true that the absence of such [physical] penetration was at one time thought to foreclose further Fourth Amendment inquiry . . . for that Amendment was thought to limit only searches and seizures of tangible property.” (citing Olmstead v. United States, 277 U.S. 438, 457, 464, 466 (1928))).
. Id. at 351 (“What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection.”); Solove, supra note 11, at 1107 (“[T]he Court’s Fourth Amendment jurisprudence adheres to the notion that matters that are no longer completely secret can no longer be private.” (citing Katz, 389 U.S. at 351)).
. Courts adopted Justice Harlan’s interpretation of Katz, that the threshold question of whether a search occurred is whether a person “exhibited an actual (subjective) expectation of privacy” and whether that expectation was “one that society is prepared to recognize as ‘reasonable.’ ” Id. at 361 (Harlan, J., concurring); see Colb, supra note 11, at 123 (“[A]n honest inquiry into whether police have acted in a manner that exposes what would have remained hidden absent the transgression of a legal or social norm . . . would adhere to the doctrinal foundations of privacy as articulated in Katz.”); see also Smith v. Maryland, 442 U.S. 735, 740 n.5 (1979) (“[W]here an individual’s subjective expectation [of privacy] had been ‘conditioned’ by influences alien to well-recognized Fourth Amendment freedoms . . . [i]n determining whether a ‘legitimate expectation of privacy’ existed in such cases, a normative inquiry would be proper.”).
. Katz, 389 U.S. at 352 (“But what [Katz] sought to exclude when he entered the booth . . . was the uninvited ear. He did not shed his right to do so simply because he made his calls from a place where he might be seen. . . . [A] person in a telephone booth may rely upon the protection of the Fourth Amendment. One who occupies it, shuts the door behind him, and pays the toll that permits him to place a call is surely entitled to assume that the words he utters into the mouthpiece will not be broadcast to the world. To read the Constitution more narrowly is to ignore the vital role that the public telephone has come to play in private communication.”).
. Smith, 442 U.S. at 749 (Marshall, J., dissenting); see California v. Greenwood, 486 U.S. 35, 39–41 (1988); California v. Ciraolo, 476 U.S. 207, 212–14 (1986); United States v. Knotts, 460 U.S. 276, 281–82 (1983).
. Almost thirty years later, the Court considered similar facts in United States v. Jones but relied on the traditional trespass theory of the Fourth Amendment to find that an expectation of privacy was violated when police physically installed a GPS device on a suspect’s vehicle. United States v. Jones, 132 S. Ct. 945, 950 (2012).
. See generally Smith, 442 U.S. 735 (reviewing a case where the telephone company installed a pen register without a warrant to record the numbers dialed from a phone); United States. v. Guerrero, 768 F.3d 351 (5th Cir. 2014) (involving historical cell site location data that was obtained without a warrant); United States v. Forrester, 512 F.3d 500 (9th Cir. 2007) (considering a case where the government used computer surveillance techniques without a warrant).
. Smith v. Obama, 24 F. Supp. 3d 1005, 1009 (D. Idaho 2014) (“Smith [v. Maryland] could never have anticipated the ubiquity of cell-phones and the fact that ‘people in 2013 have an entirely different relationship with phones than they did thirty-four years ago.’ ” (quoting Klayman v. Obama, 957 F. Supp. 2d 1, 36 (D.D.C. 2013))).
. See United States. v. Guerrero, 768 F.3d 351, 359 (5th Cir. 2014); In re Application of United States for Historical Cell Site Data, 724 F.3d 600, 602 (5th Cir. 2013); In re Application of United States for an Order Pursuant to 18 U.S.C. §§ 2703(C) and 2703(D) Directing AT&T, Sprint/Nextel, T-Mobile, Metro PCS and Verizon Wireless to Disclose Cell Tower Log Information, No. M-50, 2014 WL 4388397, at *5 (S.D.N.Y. May 30, 2014); United States v. Caraballo, 963 F. Supp.2d 341, 363 (D. Vt. 2013); United States v. Graham, 846 F. Supp. 2d 384, 390 (D. Md. 2012); United States v. Gordon, No. 09-153-02(RMU), 2012 WL 8499876, at *1 (D.D.C. Feb. 6, 2012).
. See United States v. Stanley, 753 F.3d 114 (3d Cir. 2014); United States v. Rigmaiden, No. CR 08-814-PHX-DGC, 2013 WL 1932800, at *1 (D. Ariz. 2013); In re Application of United States for an Order Pursuant to 18 U.S.C. § 2703(d), 830 F. Supp. 2d 114, 114 (E.D. Va. 2011).
. See United States v. Golden Valley Elec. Ass’n, 689 F.3d 1108, 1111 (9th Cir. 2012); United States v. McIntyre, 646 F.3d 1107, 1111 (8th Cir. 2011); Naperville Smart Meter Awareness v. Naperville, No. 11 C 9299, 2013 WL 1196580, at *14 (N.D. Ill. Mar. 22, 2013); State v. Kluss, 867 P.2d 247, 247 (Idaho App. 1993); see also infra Part III (providing a more in depth discussion of the warrantless collection of energy usage data by utilities).
. In the Supreme Court’s Riley opinion, Chief Justice Roberts noted that it “makes little difference” to the user (and that in fact the user may not even know) whether information found on a cell phone is stored on the phone itself or in the cloud. Riley v. California, 134 S. Ct. 2473, 2491 (2014).
. Id. at 2489. In response to the government’s argument that a search of all data stored on a cell phone was materially indistinguishable from searches of physical items, Chief Justice Roberts famously wrote, “That is like saying a ride on horseback is materially indistinguishable from a flight to the moon.” Id. at 2488.
. For a definition of “mosaic theory,” see Tracey v. State, 152 So.3d 504, 520 (Fla. 2014) (“The theory that discrete acts of surveillance by law enforcement may be lawful in isolation, but may otherwise infringe on reasonable expectations of privacy in the aggregate because they ‘paint an “intimate picture” of a defendant’s life,’ has been referred to as the ‘mosaic’ theory.” (quoting United States v. Wilford, 961 F. Supp. 2d 740, 771 (D. Md. 2013))).
. Riley, 134 S. Ct. at 2489 n.1. Riley only concerned the collection of data directly from a person’s device and not from a third party, and the fact that the data collection was a search was not at issue. See id. at 2484.
. See generally Energy Independence and Security Act of 2007, Pub. L. 110-140, 121 Stat. 1492 (codified at 42 U.S.C. § 17381 (2012)) (including energy independence and security as one of several clean energy goals).
. Federico Guerrini, Smart Meters: Between Economic Benefits and Privacy Concerns, Forbes (June 1, 2014), http://www.forbes.com/sites/federicoguerrini/ 2014/06/01/smart-meters-friends-or-foes-between-economic-benefits-and-privacy-concerns/.
. Terrence Henry, Want to Opt Out of a Smart Meter in Texas? It Will Cost You, NPR (Oct. 30, 2013), http://stateimpact.npr.org/texas/2013/10/30/opt-out-of-a-smart-meter-in-texas-it-will-cost-you/.
. Duke Energy’s smart grid information web pages, for example, do not include information about opting out. See Grid Modernization FAQs, Duke Energy, http://www.duke-energy.com/about-us/smart-grid-faq.asp (last visited Jan. 5, 2015).
. Tracy Idell Hamilton, Smart-meter Energy Data Now Online, San Antonion Express-News (Aug. 20, 2011), http://www.mysanantonio.com/news/energy/article/Smart-meter-energy-data-now-online-2133522.php.
. Id.; Pub. Util. Comm’n of the State of Cal., Rulemaking 08-12-009, Order Instituting Rulemaking to Consider Smart Grid Techs. Pursuant to Fed. Leg. & on the Comm’n’s own Mot. To Actively Guide Policy in Cal.’s Dev. Of a Smart Grid Sys., 83–87 (July 28, 2011).
. Kantar Group Ltd., whose clients include Coca Cola and Microsoft, is undertaking a pilot study on “ways to harvest smart-meter data on household energy use that may be useful to customers . . . . Companies wanting to market their products . . . could potentially benefit from information [contained in smart meter data], such as how long people spend cooking or using their computers.” Louise Downing, WPP Unit, Onzo Study Harvesting Smart-Meter Data, Bloomberg (May 11, 2014), http://www.bloomberg.com/news/2014-05-11/wpp-unit-onzo-study-harvesting-smart-meter-data.html.
. Murrill et al., supra note 7, at 2. See generally Naperville Smart Meter Awareness v. City of Naperville, No. 11C9299, 2013 WL 1196580 (N.D. Ill. Mar. 22, 2013) (dismissing claim from town’s citizens that smart meter installation in every home violates the Fourth, Fifth, and Fourteenth Amendments).
. In a 2012 report, California energy company San Diego Gas & Electric reported that it had disclosed the records of 4,062 customers pursuant to the “legal process.” San Diego Gas & Elec., Annual Privacy Report 2 (May 16, 2013), available at http://www.cpuc.ca.gov/NR/rdonlyres/1AAFED95-3F3F-4296-B4B6-8CB8E6704CC1/0/SDGEAnnual_Privacy_Report_2012.pdf.
. See, e.g., Kyllo v. United States, 533 U.S. 27, 31 (2001); United States v. Golden Valley Elec. Assoc., 689 F.3d 1108, 1114 (9th Cir. 2012); United States v. McIntyre, 646 F.3d 1107 (8th Cir. 2011); State v. Kluss, 867 P.2d 247, 250 (Idaho Ct. App. 1993).
. For a discussion of the consent rationale in the cell phone context, see In re Application of the U.S. for an Order Authorizing the Release of Historical Cell-Site Info., 809 F. Supp. 2d 113, 126–27 (E.D.N.Y. 2011) (noting that, because of the ubiquity and necessity of the cell phone in modern society, “[t]he fiction that the vast majority of the American population consents to warrantless government access to [cell site location records] by ‘choosing’ to carry a cell phone must be rejected”).
. See Riley v. California, 134 S. Ct. 2473, 2488–91 (2014) (“The fact that an arrestee has diminished privacy interests does not mean that the Fourth Amendment falls out of the picture entirely. Not every search is acceptable solely because a person is in custody. To the contrary, when privacy-related concerns are weighty enough, a search may require a warrant, notwithstanding the diminished expectations of privacy of the arrestee. . . . The United States asserts that a search of all data stored on a cell phone is ‘materially indistinguishable’ from search of [physical items such as cigarette packs]. That is like saying a ride on horseback is materially indistinguishable from a flight to the moon. . . . A conclusion that inspecting the contents of an arrestee’s pocket works no substantial additional intrusion on privacy beyond the arrest itself may make sense as applied to physical items, but any extension of that reasoning to digital data has to rest on its own bottom.”).
. United States v. Golden Valley Elec. Ass’n, 689 F.3d 1108, 1116 (9th Cir. 2012) (noting that Golden Valley had “a company policy of protecting the privacy of its members,” but finding no “agreement with its customers” to that effect). Even in the absence of an explicit confidentiality agreement, Golden Valley’s contention suggests that utility companies and customers may implicitly assume a confidential relationship. Regardless of whether the law would support such a relationship, this indicates at least a subjective expectation of confidentiality. Id.
. See Kyllo v. United States, 533 U.S. 27, 37 (2001) (“[P]hysical invasion of the structure of the home, ‘by even a fraction of an inch,’ [is] too much . . . .” (quoting Silverman v. United States, 365 U.S. 505, 512 (1961))).
**The author would like to thank Cathy Packer, Brooks Fuller, Anne Klinefelter, Woodrow Hartzog, Astrid Duarte, Tony Duarte, Alison Templeton, and the North Carolina Law Review board and staff.