[*]Law Clerk to the Honorable Robert H. Whaley, United States District Court for the Eastern District of Washington. Gavin Skok received his Juris Doctor With Honors from the University of Washington School of Law in 1999, and his Bachelor of Arts-Honors from Gonzaga University in 1996. The views expressed in this article are those of the author, and should not be attributed to either the United States District Court for the Eastern District of Washington or the Honorable Robert H. Whaley.

[1]See Paul Schwartz, Privacy and Democracy in Cyberspace, 52 VAND. L. REV. 1609, 1610-11 (1999) ("[I]nformation technology in cyberspace also affects privacy in ways that are dramatically different from anything previously possible. By generating comprehensive records of online behavior, information technology can broadcast an individual's secrets in ways that he or she can neither anticipate nor control. Once linked to the Internet, the computer on our desk becomes a potential recorder and betrayer of our confidences.").

[2]See, e.g., United States v. Hambrick, 55 F. Supp. 2d 504, 508 (W.D. Va. 1999) ("Cyberspace is a nonphysical 'place' and its very structure, a computer and telephone network that connects millions of users, defies traditional Fourth Amendment analysis.").

[3]While clickstream monitoring and data mining technology are still in their infancy, courts must frequently lay the groundwork for future laws without the benefit of foresight into future technological advancement. Accordingly, this Article assumes that data storage and processing technology will in the near future allow mass processing and sorting of clickstream information.

[4]The Federal Networking Council defines "Internet" as "the global information system that -- (i) is logically linked together by a globally unique address space based on the Internet Protocol (IP) or its subsequent extensions/follow-ons; (ii) is able to support communications using the Transmission Control Protocol/Internet Protocol (TCP/IP) suite or its subsequent extensions/follow-ons, and/or other IP-compatible protocols; and (iii) provides, uses or makes accessible, either publicly or privately, high level services layered on the communications and related infrastructure described herein." FNC Resolution: Definition of "Internet," (last modified October 30, 1995) <http://www.fnc.gov/Internet_res.html>. See also Stephan K. Bayens, The Search and Seizure of Computers: Are We Sacrificing Personal Privacy for the Advancement of Technology?, 48 DRAKE L. REV. 239, 248-49 (2000) ("'The Internet is not a physical or tangible entity, but rather a giant network which interconnects innumerable smaller groups of linked computer networks.' The Internet is an overwhelming mass of information that has no centralized administrator, storage location, or control point. 'It exists and functions as a result of the fact that hundreds of thousands of separate operators of computers and computer networks independently decided to use common data transfer protocols to exchange communications and information with other computers (which in turn exchange communications and information with still other computers).'") (footnotes omitted). For a good overview of the way the Internet works, see Schwartz, supra note 1, at 1618-21. See also Overview of the World Wide Web (visited March 2, 2000) <http://www.cio.com/WebMaster/sem2_home.html>; The World Wide Web for the Clueless <http://www.cio.com/WebMaster/sem2_simple_pieces.html>.

[5]Nua Internet Surveys: How Many Online? (visited April 21, 2000) <http://www.nua.ie/surveys/how_many_online/index.html> (estimating 304.36 million Internet users as of March 2000); Global Reach: Global Internet Statistics (last modified March 31, 2000) <http://www.glreach.com/globstats/index.php3> (estimating 288 million Internet users worldwide).

[6]Nua Internet Surveys: Netcraft: 5 Million Web Sites on the WWW (last modified April 20, 1999) <http://www.nua.ie/surveys/index.cgi?f=VS&art_id=905354851&rel=true> ("Just two years ago the Netcraft survey counted 1 million web sites on the Web, the latest survey finds that there are now over 5 million web sites."). See also Domainstats.com (last modified April 6, 2000) <http://www.domainstats.com> (recognizing 15,719,462 registered domain names worldwide).

[7]See Computer Industry Almanac Inc.: Over 150 Million Internet Users Worldwide at Year-end 1998 (last modified April 30, 1999) <http://www.c-i-a.com/199904iu.htm> ("April 30, 1999 - According to the Computer Industry Almanac Inc. there were over 150 million Internet users at year-end 1998 -- up from 61 million Internet users at year-end 1996."); Nua Internet Surveys: Netcraft, supra note 6 ("Just two years ago the Netcraft survey counted 1 million web sites on the Web, the latest survey finds that there are now over 5 million web sites."); Headcount.com: Who's online by country: The World (visited March 19, 2000) <http://www.headcount.com/count/datafind.htm?choice=country&choicev%5B%5D=The+World&submit=Submit> ("In June 1998, Matrix Information and Directory Services (MIDS) reported that there are 102 million accessing the Internet in the world. This number is estimated as of January 1998 and has increased from the estimate of 57 million in January 1997.").

[8]See Headcount.com, supra note 7 ("MIDS [Matrix Information and Directory Services] estimates that the total number of worldwide Internet users will grow to 707 million by 2001."); Internet Commerce Will Rocket to More Than $1 Trillion by 2003, According to IDC (last modified June 28, 1999) <http://www.idc.com/Data/Internet/content/NET062899PR.htm> ("In recent market research, International Data Corporation (IDC) reports the amount of commerce conducted over the World Wide Web will top a staggering $1 trillion by 2003.").

[9]Federal Trade Commission Staff Report: Online Privacy: General Practices and Concerns (last modified September 15, 1997) <http://www.ftc.gov/reports/privacy/privacy3.htm> ("The Internet is a highly decentralized, global network of electronic networks. It is unique among communications media in the variety and depth of personal information generated by its use.").

[10]Eric Johnson, An Examination of the Role of Clickstream Data in Marketing through the Internet (last modified May 12, 1997) <http://www.ftc.gov/bcp/privacy/wkshp97/comments2/johnson0.htm> n.1("A formal definition of 'clickstream' data, according to CASIE, the Consortium for Advertising Supported Information and Entertainment: 'The database created by the date-stamped and time-stamped, coded/interpreted, button-pushing events enacted by users of interactive media, controlling their systems via remote control channel changers, alphanumeric PC keyboards and mice, numeric keyboards of PDAs and similar devices, and voice command of screen media.'"). See also JULIAN S. MILLSTEIN, ET AL., DOING BUSINESS ON THE INTERNET: FORMS AND ANALYSIS � 10.02(1)(a) (1999) ("As an individual user browses the Internet, a trail of electronic information is left at Web sites he or she visits. [This i]nformation about the path a user takes through the Internet, called 'clickstream' data, can be collected and sorted.").

[11]Schwartz, supra note 1, at 1620 ("The Internet's technical qualities also have a negative consequence: they make possible an intense surveillance of activities in cyberspace. Digital reality is constructed through agreement about technical norms. This 'code,' to use Lawrence Lessig's term, creates cyberspace. As a result of cyberspace code, surfing and other cyberspace behavior generate finely granulated data about an individual's activities - often without her permission or even knowledge.") (footnotes omitted).

[12]See Center for Democracy & Technology: CDT's guide to online privacy (visited February 23, 2000) <http://www.cdt.org/privacy/guide/start> ("Use of the network, however, generates detailed information about the individual -- revealing where they "go" on the Net (via URLs), who they associate with (via list-servs, chat rooms and news groups), and how they engage in political activities and social behavior."); Jerry Berman & Deirdre Mulligan, Privacy in the Digital Age: Work in Progress, 23 NOVA. L. REV. 551, 554 (1999) ("The data trail, known as transactional data, left behind as individuals use the Internet is a rich source of information about their habits of association, speech, and commerce. Transactional data, click stream data, or 'mouse droppings,' as it is alternatively called, can include the Internet protocol address ('IP address') of the individual's computer, the browser in use, the computer type, and what the individual did on previous visits to the Web site, or perhaps even other Web sites."); Damien Cave, Salon.com: Do They Know Where You Live? (last modified February 28, 2000) <http://www.salon.com/tech/feature/2000/02/28/geographic/index.html> ("Ad-serving companies like Double Click offer services that they say can target ads to users by location. And Digital Island introduced technology last year called TraceWare, which can identify the location of Web site visitors with 96 percent accuracy. TraceWare works by scanning worldwide traffic as it passes through ISPs, then matching users' IP addresses with a database of IP address locations that Digital Island has built.").

[13]See Federal Trade Commission Staff Report: Online Privacy, supra note 9 ("When users browse on the World Wide Web ('the Web'), for example, they leave an electronic marker at each site (or on each page within a site) they visit. The series of electronic markers, or 'clickstream' generated by each user's browsing activities can be aggregated, stored, and re-used."); Center for Democracy & Technology: CDT's guide to online privacy, supra note 12 ("Some of the newest tracking tools can so efficiently mine and manipulate the data trail (or 'clickstream') people leave behind when they use the Internet that they build a detailed database of peronal [sic] information without any human intervention."); Jerry Berman & Deirdre Mulligan, Privacy in the Digital Age: Work in Progress, 23 NOVA. L. REV. 551, 554 (1999) (explaining that clickstream data "is captured at various points on the network and available for reuse and disclosure."); JULIAN S. MILLSTEIN, ET AL., DOING BUSINESS ON THE INTERNET: FORMS AND ANALYSIS � 10.02(1)(a) (1999) ("[C]lickstream data [] can be collected and stored.").

[14]An Internet service provider, or ISP, is the portal which provides access to the Internet for individuals, educational institutions, companies, and organizations. A Net user dials into the ISP using his or her PC and a modem; the ISP then connects the user to the Internet. See Stephen Jenkins, Glossary of PC and Internet Terminology (last modified January 9, 2000) <http://homepages.enterprise.net/jenko/Glossary/GISP.htm> ("Internet Service Provider or sometimes referred to as Internet Access Provider (IAP) is a company which provides access to the Internet for people like you & me. The company handles the link from your PC to the rest of the Internet. The ISP's central computer is linked to the rest of the internet so the person using this service only pays the telephone charges to connect from their home computer to the ISP's central computer."); UGeek Technical Glossary (last modified April 26, 1999) <http://www.geek.com/glossary/glossary_search.cgi?i> ("Internet Service Provider (ISP) - An ISP provides Internet access to people or corporations. ISPs generally have pools of modems awaiting dial-up connections.")

[15]See Federal Trade Commission Staff Report: Online Privacy, supra note 9 ("Each Web site, in turn, captures certain information about users as they enter the site. A Web site can 'know' users' email addresses, the names of their browsers, the type of computer they are using, and the universal resource locator (URL), or Internet address of the site from which they linked to the current site. . . . Clickstream data also permits Internet site owners to understand activity levels at various areas within sites, in a manner analogous to a retail store's practice of checking inventory."); Millstein, supra note 11 ("Web sites, for instance, often have the capability to automatically log information about users. A Web site may be able to determine a user's e-mail address, the type of computer and browsing software being used, and the address of the Web site from which the user linked. The Web pages or files a user accessed while browsing a Web site - and how long the user remained on a particular Web page - can also be recorded."); Peter McGrath, Newsweek: Knowing You All Too Well (last modified March 29, 1999) <http://www.newsweek.com/nw-srv/printed/us/st/ty0113_2.htm> ("Your clickstream reveals your interests and tastes with unnerving precision. (Did you go from slate.com to a Volvo dealer's Web site? Did you then buy some brie from peapod.com, the online grocery? You may be one of those limousine liberals we've been hearing about.) And when Web merchants combine clickstream analysis with another new software technique known as 'collaborative filtering,' which makes educated inferences about your likes and dislikes based on comparing your user profile with others in the database, they have a marketing tool of high potential not only for customer satisfaction but also for abuse."); Eric Wieffering, Protecting your digital footprints, MINNEAPOLIS STAR TRIB., November 7, 1999, at 1D ("[O]nline, every mouse-click within a particular site can be tracked and analyzed. Even on sites where you're not required to volunteer personal information, a Web site operator can log your computer's address and know approximately where you've come from. It can then follow you around the site, recording which features and links you clicked on and how long you lingered there, and create a complete profile that it can use to determine what kind of advertising and products you will see."). See also Beth Givens, Privacy Rights Clearinghouse: The Emperor's New Clothes: Privacy on the Internet in 1999 (last modified June 21, 1999) <http://www.privacyrights.org/ar/emporor.htm> (reporting results of Georgetown University's McDonough School of Business May 1999 Internet Privacy Policy Survey, and noting that "the collection of personally identifiable information has become standard practice on a vast majority of commercial web sites.").

[16]Hiawatha Bray, Boston Globe: Matching Ads to Eyeballs (last modified February 22, 2000) <http://www.boston.com/dailyglobe2/053/business/Matching_ads_to_eyeballsP.shtml> (describing Engage online user tracking network which coordinates numerous Web sites in tracking user clickstreams, thereby allowing Engage to compile detailed user profile, and explaining that Engage network has already tracked over 35 million online users.).

[17]Jesse Berst, ZDNet AnchorDesk: The Good, Bad, and Ugly of Personalization (last modified November 2, 1999) <http://www.zdnet.com/anchordesk/story/story_4050.html> ("Personalization is a huge trend on the Web. Sites create user profiles by identifying you each time you come to a site, recording your preferences, and then delivering ads and content targeted to your profile. . . . [T]he typical profile can contain: Explicit information. This is what you voluntarily reveal when registering at a site or signing up for a service. Your name, email address, etc. Implicit information. This is data the site gathers by monitoring your click stream - what you do, where you go. From that it infers what your interests are."); John M. Broder, Making America Safe for Electronic Commerce, N.Y. TIMES, June 22, 1997, at 4D ("Those [clickstream] records provide invaluable information for marketers who can use them to pinpoint customers for their products. By following your Internet 'clickstream,' they can learn about your medical condition, your reading habits, your political predilections.").

[18]In this way, the ISP's role can be analogized to that of an interpreter in court proceedings. Since everything passes through the interpreter en route to its intended destination, the interpreter has access to all of the party's statements.

[19]Roger Taylor, FTC clicks on to fears over data on web users, FIN. TIMES (London), April 5, 1999, at 5 ("At present there is no privacy on the Internet. Internet service providers know an individual user's name and address and can track every single move the user makes on the web. And the information is held on record. . . ."); Jeffrey Pollock, A Tangled Web - Thoughts for a Law Firm Using the Web, 198 AUG-N.J. LAW. 18-19 (1999) ("Virtually all netizens (Internet users for the uninitiate) access the Net through an ISP. As you are searching your way merrily along the strands of the WWW, however, your friendly ISP is collecting information regarding where you've been. The information captured is called a 'click stream' and records every website you've visited."); James F. Brelsford & Nicole A. Wong, Online Liability Issues: Defamation, Privacy and Negligent Publishing, 564 PLI/PAT. 231, 244 (1999) ("Clickstream Data. While a user 'surfs' the Internet, each web site visited and each page viewed are typically logged by the user's Internet Service Provider. The ISP may maintain a record of a user's email communications and other online activities, including Web sites visited, purchases made, and more."); Schwartz, supra note 1, at 1627 ("ISPs are in an advantageous position to tie together the information that exists about anyone who surfs the Web. . . [T]he ISP has detailed information about the Internet behavior of each of its customers. Through its role as an entrance ramp to the Internet, the ISP gains access to clickstream data and other kinds of detailed information about personal online habits. It can easily take these scattered bits of cyberspace data, pieces of which at times enjoy different degrees of practical obscurity, and make them into 'personal information' by linking them to the identity of its customers."); David Whalen, The Unofficial Cookie FAQ v. 2.53, (last modified May 10, 1999) <http://www.cookiecentral.com/faq/index.shtml> ("The very nature of Web servers allows for the tracking of your surfing habits . . . ."); Center for Democracy & Technology: CDT's guide to online privacy, supra note 12 ("Over the past two decades the Internet has grown into a semi-autonomous network where anonymity has been honored. Use of the network, however, generates detailed information about the individual -- revealing where they "go" on the Net (via URLs), who they associate with (via list-servs, chat rooms and news groups), and how they engage in political activities and social behavior. Some of the newest tracking tools can so efficiently mine and manipulate the data trail (or 'clickstream') people leave behind when they use the Internet that they build a detailed database of peronal [sic] information without any human intervention.").

[20]Charles Babcock, ZDNet Interactive Week: Problems Surface With Data Mining (last modified February 2, 1999) <http://www.zdnet.com/intweek/stories/news/0,4164,388207,00.html> ("Businesses' desire to generate online customer relationships is a mighty engine in the new electronic economy. It is prompting pioneering businesses, such as Internet service providers, to engage in extensive data mining to individualize the otherwise faceless customer base. . . . A young and aggressive ISP will mine other forms of customer data that falls into its hands in order to buttress the customer relationship and retain customers, according to Larry Goldman, a customer relationship management expert at Braun Technology Group.").

[21]Federal Trade Commission Staff Report: Online Privacy, supra note 9 ("The fact that online information-gathering is automated means that it is invisible to the user and often takes place without the user's knowledge and consent."); Center for Democracy & Technology: CDT's guide to online privacy: Terms (visited February 23, 2000) <http://www.cdt.org/privacy/guide/terms> ("The collection of personal information online occurs in two ways. First, information is collected through your active provision of information, such as when you purchase a product online or when you join as a member of a web site. Second, while you are engaged in 'passive' online activity - for example when you are lurking in chat rooms, reading bulletin boards, or browsing through online resources - your personal information is also being collected and possible stored, all under your illusion of anonymity."); Erika S. Koster, Zero Privacy: Personal Data on the Internet, 16 No. 5 COMPUTER LAW. 7, 7 (1999) ("New technology and more powerful computers now make it possible, without the visitor's knowledge, for companies to record and track information about visitors to their Web sites . . . ."); Schwartz, supra note 1, at 1621-22 ("Visitors to cyberspace sometimes believe that they will be fully able to choose among anonymity, semi-anonymity, and complete disclosure of identity and preferences. Yet, in each of the three areas, finely granulated personal data are created - often in unexpected ways. Moreover, most people are unable to control, and are often in ignorance of, the complex processes by which their personal data are created, combined, and sold.").

[22]The fact that the data may be stored in computers owned by the ISP or another business does not prevent a Web user from retaining a legitimate expectation in the information since the "capacity to claim the protection of the [Fourth] Amendment depends not upon a property right in the invaded place but upon whether the area was one in which there was a reasonable expectation of freedom from governmental intrusion." Mancusi v. DeForte, 392 U.S. 364, 368 (1968). Accordingly, the question is whether the user has a legitimate expectation of privacy in not being tracked online, not whether he or she retains an expectation of privacy in his ISP's computers.

[23]The range of crimes committed on or facilitated by the Internet is virtually limitless. See, e.g., Note, Keeping Secrets in Cyberspace: Establishing Fourth Amendment Protection for Internet Communication, 110 HARV. L. REV. 1591, 1591 (1997) (hereinafter "Keeping Secrets") ("Some crimes actual occur in cyberspace: people can illegally download copyrighted software, gamble, or view obscene photographs. The Internet has facilitated other criminal acts, such as kidnapping, hate crimes, and illegal drug sales. Dangerous information, such as how to build bomb, infiltrate computer security systems, forge credit cards and phone cards, pick locks, or kill people with one's bare hands is readily available."); Brian Simon, Note, The Tangled Web We Weave: The Internet and Standing Under the Fourth Amendment, 21 NOVA L. REV. 941, 959 (1997) ("Aside from hacking, various forms of computer crime now exist. Criminals upload viruses in an attempt to destroy computer systems, steal copyrighted material, and engage in the exchange of child pornography amongst other thing. Private files exist which contain evidence of crime occurring outside cyberspace (the dreaded physical world).").

[24]Fourth Amendment jurisprudence is somewhat inconsistent in its use of the term "search." The most widespread school of thought is that a search occurs "when an expectation of privacy that society is prepared to consider reasonable is infringed." United States v. Jacobsen, 466 U.S. 109, 113 (1984). I do not mean to put the cart before the horse by using the phrase "clickstream search" in my analysis. Instead, I use the term "search" in its plain meaning sense to describe the act of monitoring, examining, or analyzing clickstream data, regardless of whether the Web user ultimately retains a legitimate expectation of privacy.

[25]Such a broad search might prove difficult in practice due to the massive amounts of clickstream data generated by Net surfers; even a short online session can generate millions of bytes of information. However, while technological barriers may currently prevent police from conducting a dragnet clickstream, the danger of such searches is becoming increasingly real as data collection and processing technology rapidly advances. Furthermore, law enforcement agencies have empirically shown themselves willing to sort through large amounts of innocuous information in order to unearth evidence of a crime. See, e.g., Eversole v. Steele, 59 F.3d 710, 713 (7th Cir. 1995) (describing efforts of regional drug task force to enforce state anti-narcotics laws by monitoring and logging all drug store sales and pharmacy records in a four-county area to determine whether any customers purchased more than four ounces of cough syrup containing codeine within any given forty-eight hour period). Importantly, the difficulty of such a search will undoubtedly be lessened as technology advances, thereby heightening the risk to Net users.

[26]The scope of any actual search is irrelevant for purposes of this article. The question is whether a Web user enjoys an expectation of privacy in his or her clickstream. If he or she does not, then a generalized "dragnet" search and a specific targeted search are equally permissible. If he or she retains an expectation of privacy, then the scope of the search is relevant in determining whether the intrusion occasioned by the search is reasonable. However, that inquiry is beyond the scope of the present discussion.

[27]See supra notes 12, 15, and 19, and accompanying text.

[28]See supra notes 15, 17, and 19, and accompanying text.

[29]See, e.g., Koster, supra note 21, at 7 ("Psychographic profiles can be made by analyzing a Web surfer's 'click stream,' or listing of sites visited."); Berman & Mulligan, supra note 12, at 554 ("The data trail, known as transactional data, left behind as individuals use the Internet is a rich source of information about their habits of association, speech, and commerce. . . . Along with information intentionally revealed through purchasing or registration activities, this transactional data can provide a 'profile' of an individual's activities.").

[30]See infra notes 83-100, and accompanying text.

[31]U.S. CONST. amend. IV.

[32]See Katz v. United States, 389 U.S. 347, 360 (1967) (Harlan, J., concurring); Rakas v. Illinois, 439 U.S. 128, 139-40 (1978).

[33]See Smith v. Maryland, 442 U.S. 735, 740 (1979); California v. Ciraolo, 476 U.S. 207, 211 (1986); Katz, 389 U.S. at 361 (Harlan, J., concurring).

[34]Ciraolo, 476 U.S. at 212 (quoting Oliver v. United States, 466 U.S. 170, 182-83 (1984)).

[35]Katz, 389 U.S. at 351-52 (citations omitted).

[36]See, e.g., United States v. Miller, 425 U.S. 435 (1976) (defendant lacked legitimate expectation of privacy in bank records since he exposed information in records to bank employees); Smith v. Maryland, 442 U.S. 735 (1979) (defendant lacked legitimate expectation of privacy in phone numbers dialed from phone since he voluntarily provided the numbers to the telephone company).

[37]See Florida v. White, 526 U.S. 559, 562-63 (1999); Wilson v. Arkansas, 514 U.S. 927, 931 (1995); California v. Hodari D., 499 U.S. 621, 624 (1991); Tennessee v. Garner, 471 U.S. 1, 8 (1985); Carroll v. United States, 267 U.S. 132, 149 (1925).

[38]See Wyoming v. Houghton, 526 U.S. 295, 299-300 (1999); Vernonia Sch. Dist. 47J v. Acton, 515 U.S. 646, 652-53 (1995). See also Carroll, 267 U.S. at 149 ("The Fourth Amendment is to be construed in light of what was deemed an unreasonable search and seizure when it was adopted, and in a manner which will conserve public interests as well as the interests and rights of individual citizens.").

[39]United States v. Miller, 425 U.S. 435 (1976).

[40]Smith v. Maryland, 442 U.S. 735 (1979).

[41]Miller, 425 U.S. at 442.

[42]Id. at 443. See also Hoffa v. United States, 385 U.S. 293, 302 (1966). Miller has been broadly read as standing for the proposition that a customer has no legitimate expectation of privacy in records of his business transactions held or created by a third party. See, e.g., United States v. Phibbs, 999 F.2d 1053 (6th Cir. 1993) (reading Miller to include credit card statements and telephone records regarding defendant kept by various businesses). Miller has been harshly criticized by commentators. See, e.g., WAYNE R. LAFAVE, 1 SEARCH AND SEIZURE � 2.7(c) at 631 (3d ed. 1996) ("The result reached in Miller is dead wrong, and the Court's woefully inadequate reasoning does great violence to the theory of Fourth Amendment protection which the Court had developed in Katz.").

[43]See Smith, 442 U.S. at 737.

[44]See id.

[45]See id.

[46]Id. at 743-44 (citations omitted).

[47]Katz, 389 U.S. 347, 351-52 (1967) (citations omitted).

[48]See United States v. Charbonneau, 979 F. Supp. 1177, 1184 (S.D. Ohio 1997); Smyth v. Pillsbury, 914 F. Supp. 97, 101 (E.D. Pa. 1996); United States v. Maxwell, 45 M.J. 406, 417-18 (C.A.A.F. 1996).

[49] See Charbonneau, 979 F. Supp. at 1184; Smyth, 914 F. Supp. at 101; Maxwell, 45 M.J. at 417-18. Commentators have made the same analogy. See, e.g., Keeping Secrets in Cyberspace, supra note 23, at 1597 ("For example, commentators discussing privacy in cyberspace often have compared e-mail to traditional postal mail. Individuals retain a reasonable expectation of privacy in sealed first-class mail sent through the postal system, but because anyone can read the contents of a postcard, an expectation of privacy in its contents would be unreasonable and a law enforcement officer's reading it is thus not a search. E-mail, which 'can be accessed or viewed on intermediate computers between the sender and recipient,' may more closely resemble a postcard than a letter in this regard.") (footnotes omitted).

[50]Charbonneau, 979 F. Supp. at 1177.

[51]Id. at 1184 (quoting Maxwell, 45 M.J. at 417).

[52]A "chat room" is an Internet site set up to allow Web users to "talk" to each other over the Internet by typing messages on their keyboard. See Jenkins, supra note 14.

[53]See Charbonneau, 979 F. Supp. at 1184. See also Raphael Winick, Searches and Seizures of Computers and Computer Data, 8 HARV. J.L. & TECH. 75, 116 (1994) ("Posting a message in the publicly accessible areas of a BBS can be viewed as either putting the message into 'plain view,' or as voluntarily disclosing the information to all other parties. One loses any expectation of privacy in an otherwise private item by placing the item into plain view. As a result, outsiders such as law enforcement officials may monitor BBS communications if those communications are stored or transmitted in a manner that is accessible to the public. Similarly, voluntary disclosure of information to another permits the other party to relay that information to law enforcement personnel without offending the Fourth Amendment."); Terri Cutrera, The Constitution in Cyberspace: The Fundamental Rights of Computer Users, 60 UMKC L. REV. 139, 151-52 (1991) (concluding that Net users lack legitimate expectation of privacy in "computer service's bulletin board files").

[54]ISPs routinely collect personal information when a customer signs up for Internet access. See Schwartz, supra note 1, at 1627 ("ISPs are in an advantageous position to tie together the information that exists about anyone who surfs the Web. First, the ISP has highly accurate data about the identity of anyone who uses its services. This information is within its grasp because the ISP generally collects the client's name, address, phone number, and credit card number at the time it assigns an account.").

[55]United States v. Kennedy, 81 F. Supp. 2d 1103, 1110 (D. Kan. 2000); United States v. Hambrick, 55 F. Supp. 2d 504, 507 (W.D. Va. 1999).

[56]Hambrick, 55 F. Supp. 2d at 508 ("Cyberspace is a nonphysical 'place' and its very structure, a computer and telephone network that connects millions of users, defies traditional Fourth Amendment analysis. So long as the risk-analysis approach of Katz remains valid, however, this court is compelled to apply traditional legal principles to this new and continually evolving technology.").

[57]Id. Judicial notions of the parameters of Fourth Amendment protection have traditionally evolved with changing technology. Application of traditional Fourth Amendment principles to the telephone initially yielded results contrary to a modern understanding of the Amendment's protection. In Olmstead v. United States, 277 U.S. 438 (1928), the Supreme Court held that the Fourth Amendment was not violated when government agents tapped a telephone line without a warrant since the phone line was not within one of the protected zones specified in the text of the Fourth Amendment: persons, houses, papers, and effects. Forty years later, in Katz v. United States, 389 U.S. 347 (1967), the Court held that warrantless electronic monitoring of a telephone conversation in a public phone booth constituted an unreasonable search in violation of the Fourth Amendment. The shift in the Court's analysis, from the focus on protecting a "place" in Olmstead to the protection of the "person" in Katz, was, in part, an acknowledgment that changing technology necessitated new means of constitutional analysis. The unique nature of the Internet again calls for a change in the manner in which courts evaluate the reasonableness of a search or seizure. See, e.g., Federal Trade Commission Staff Report: Online Privacy: General Practices and Concerns (September 15, 1997) (visited March 1, 2000) <http://www.ftc.gov/reports/privacy/privacy3.htm> ("It is unique among communications media in the variety and depth of personal information generated by its use.").

[58]At least one commentator has applied traditional Katz analysis and reached this conclusion. See Simon, supra note 23, at 967 ("Hypothetically, if the police used a device to track where one travels in cyberspace, there is no reason to think that the use of such technology would constitute a search under the Fourth Amendment. When one travels along the digital highway, such movements are knowingly exposed to the public and merit no Fourth Amendment protection. The digital web where a user journeys would be considered the functional equivalent of the public streets. . . . As long as a user travels along a public area in cyberspace, where one can legally view their movements, cyber-tracking devices would not constitute a search.").

[59]United States v. Simons, 206 F.3d 392 (4th Cir. 2000).

[60]Similarly, the court in Smith recognized that because the use of telephones was so commonplace, telephone users know or should know that they are disclosing information (numbers dialed) to the telephone company every time they dial, thereby preventing them from harboring any subjective expectation of privacy. See Smith v. Maryland, 442 U.S. 735, 742-43 (1979) ("First, we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must 'convey' phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. All subscribers realize, moreover, that the phone company has facilities for making permanent records of the numbers they dial, for they see a list of their long-distance (toll) calls on their monthly bills. . . . Although subjective expectations cannot be scientifically gauged it is too much to believe that telephone subscribers, under these circumstances, harbor any general expectation that the numbers they dial will remain secret.").

[61]In such a case, clickstream searches might be analogized to searches conducted at open and obvious fixed checkpoints, such as airport metal detectors. These searches are constitutionally permissible since their open and obvious nature eliminates any subjective expectation of privacy by giving the subject notice that a search is certain to occur when he or she enters a controlled area, and because they allow the subject to avoid the search by changing his or her behavior. See Michigan Department of State Police v. Sitz, 496 U.S. 444, 463, 473-74 & n.18 (1990) (Stevens, J., concurring) (noting "critical difference" between open and obvious checkpoint searches and other less obvious measures, and discussing permissibility of metal detector searches). See also McMorris v. Alioto, 567 F.2d 897, 901 (9th Cir. 1978) (requirement that the public pass through metal detectors before entering courthouses does not unreasonably violate privacy expectations because search is obvious and public has choice not to enter); United States v. Doran, 482 F.2d 929, 932 (9th Cir. 1973) (no expectation of privacy infringed upon by airport metal detectors). While facially appealing, this analogy fails to recognize that a clickstream search is significantly more invasive than a metal detector or magnetic strip scan. Unlike traditional fixed searches, which look only for particular contraband or criminal activity, clickstream monitoring tracks the entirety of an individual's online activity. This distinction is significant: while an individual can still choose to avoid the search by "opting out" of Internet use, the extensiveness of the potential search is much more likely to change an individual's lawful behavior than a metal detector. For example, an outwardly heterosexual man may be deterred by the prospect of a clickstream search from legally entertaining homosexual fantasies online in adult chat rooms for fear of being "outed." Fringe political groups may become wary of using the Internet to advocate lawful political change over the Internet, or use the Web to engage in legal fund-raising activity. While these concerns are better addressed under the First Amendment than the Fourth, the potential chilling effect on all types of online behavior illustrates the inadequacy of an analogy to metal detectors or fixed checkpoints since those types of searches are limited to curtailing a particular illegal activity. See also Keeping Secrets, supra note 23, at 1607-08 ("A free society demands free discourse, and free discourse requires the ability to communicate privately. If our polity is to engage in vibrant political debate, if our marketplace of ideas is to remain open to radical and innovative suggestions, we must ensure that citizens can speak both freely and privately. Some of our most cherished communications - whispers between lovers, vows between friends - would be stifled if government officials had unbounded discretion to eavesdrop. This necessarily private communication has already moved into cyberspace, and by all accounts will continue to do so in the future. Communication in cyberspace must be protected to the same extent as is more traditional communication if our advancing communication technology is to achieve its full potential without the sacrifice of any of the free speech or privacy that we enjoy today.") (footnotes omitted).

[62]Smith, 442 U.S. at 740 n.5. See also, Bayens, supra note 4, at 278 ("Even relatively novice computer users understand that employers, Internet service providers, and hackers can easily monitor electronic transmissions. However, this recognition should not operate as a bar to Fourth Amendment protections. Electronic communication in its various forms is a practical necessity despite its inherent dangers. Thus, the judiciary or legislature must acknowledge this dilemma and formulate appropriate responses.").

[63]As the Court noted in Smith, "a pen register differs significantly from the listening device employed in Katz, for pen registers do not acquire the contents of communications." 442 U.S. at 741.

[64]The revealing nature of clickstream data has been recognized by leading online privacy advocates. See Center for Democracy & Technology: CDT's guide to online privacy: Terms, supra note 21 ("Personally identifiable transactional data is the information describing your online activities, including web sites you have visited, whom you have sent email, what files you have downloaded, and other information revealed in the normal course of using the Internet. Transactional data differs from the content of a communication in that it is not the actual substance of your communication, but the information about your communication. Traditionally, the content of your communications has received greater protections in the law that [sic] transactional data. Recent developments in the law have given greater protections to transactional data in that it is just as revealing as the content of your communications.") (emphasis added).

[65]See LaFave, supra note 42, at 633 n.61 (questioning whether officers can access library records after Miller, and suggesting that disclosure of library use information might properly take place under "judicial supervision" which regulated the State's activities to eliminate content bias and required showing that suspect's reading practices were relevant to criminal act under investigation) (citation omitted).

[66]See supra note 21 and accompanying text, explaining that clickstream data collection often occurs without the user's knowledge.

[67]A recent study by AT&T found that an overwhelming majority of Web users particularly disliked automated data collection services which provided them with no notice that data was being collected as they surfed the Net. AT&T online press release: Survey: 'One-Size-Fits-All' Privacy Won't Work on 'Net (last modified April 14, 1999) <http://www.research.att.com/projects/privacystudy/press.htm> ("Users dislike automatic data transfer and unsolicited communications. When asked about possible browser features that would make it easier to provide information to a Web site, 86 percent reported no interest in doing so without their taking some action."). See also Bob Tedeschi, Targeted Marketing Confronts Privacy Concerns, N.Y. TIMES (last modified May 10, 1999) <http://www.nytimes.com/library/tech/99/05/cyber/commerce/10commerce.html> ("[R]ecent surveys indicat[e] that Internet users are increasingly uncomfortable with the amount of personal data gathered by online companies, and as online companies become more aggressive about collecting that information."); Federal Trade Commission Staff Report: Online Privacy: General Practices and Concerns, supra note 9 ("Survey results suggest that although many individuals are willing to strike a balance between maintaining personal privacy and obtaining the information and services that new interactive technologies provide, they are concerned about potential misuse of their personal information and want meaningful and effective protection of that information. In the 1994 Harris Survey, fifty-one percent of respondents stated they would be concerned if an interactive service to which they subscribed engaged in 'subscriber profiling,' i.e., the creation of individual profiles based upon subscribers' usage and purchase patterns, in order to advertise to subscribers.").

[68]Smith, 442 U.S. at 749-50 (Marshall, J., dissenting).

[69]As one commentator warns, "The Katz decision . . . included limiting language which specified that a person could not have a reasonable expectation of privacy in things that were 'knowingly expose[d] to the public.' . . . The Supreme Court has used the 'knowing exposure' rationale to transform the reasonable expectation of privacy standard into a simple assumption of risk test. . . . In its evolved form, the Katz privacy test has become a roadblock to fourth amendment protection instead of a roadmap for ensuring it. It strips the individual of a great measure of fourth amendment protection - the single most important characteristic which distinguishes a free society from a police state - simply as a result of living in a high-tech society. Its result is to strip the fourth amendment of its normative values which were intended to regulate and limit the powers of government." Lewis R. Katz, In Search of A Fourth Amendment for the Twenty-First Century, 65 IND. L.J. 549, 564 (1990).

[70]United States v. Simons, 206 F.3d 392 (4th Cir. 2000).

[71]The FBIS is a division of the Central Intelligence Agency. Id. at 395.

[72]Id. at 395-96.

[73]Id. at 398 (emphasis added). See also United States v. Monroe, 52 M.J. 326 (C.A.A.F. 2000) (acknowledging that military serviceman retained legitimate expectation of privacy in email while it was in transmission, but holding that he lacked expectation of privacy in email stored in electronic mailbox on government Internet server when government computer use policy warned him that his account was subject to monitoring).

[74]The fact that ISPs and online businesses are collecting clickstream data instead of the government may ultimately require a defendant to establish that these actors are government agents in order to obtain suppression. That issue is beyond the scope of this article.

[75]See Smith v. Maryland, 442 U.S. 735, 740 n.5 (1979) ("Situations can be imagined, of course, in which Katz' two-pronged inquiry would provide an inadequate index of Fourth Amendment protection. For example, if the Government were suddenly to announce on nationwide television that all homes henceforth would be subject to warrantless entry, individuals thereafter might not in fact entertain any actual expectation of privacy regarding their homes, papers, and effects. Similarly, if a refugee from a totalitarian country, unaware of this Nation's traditions, erroneously assumed that police were continuously monitoring his telephone conversations, a subjective expectation of privacy regarding the contents of his calls might be lacking as well. In such circumstances, where an individual's subjective expectations had been 'conditioned' by influences alien to well-recognized Fourth Amendment freedoms, those subjective expectations obviously could play no meaningful role in ascertaining what the scope of Fourth Amendment protection was. In determining whether a 'legitimate expectation of privacy' existed in such cases, a normative inquiry would be proper.")

[76]Web users can retain a legitimate expectation of privacy in some instances even in the absence of a subjective expectation of privacy. See Smith, 442 U.S. at 740 n.5. See also Hudson v. Palmer, 468 U.S. 517, 525 n. 7 (1984) (noting that Supreme Court has always emphasized objective over subjective prong of Katz test).

[77]Smith, 442 U.S. at 741 n.5.

[78]Id.

[79]See Smith, 442 U.S. at 750-51 (Marshall, J., dissenting). See also California v. Ciraolo, 476 U.S. 207, 220 n.5 (1986) (Powell, J., dissenting) (stating that legitimate expectation of privacy determination "necessarily focuses on personal interests in privacy and liberty recognized by a free society"); Vega-Rodriguez v. Puerto-Rico Telephone Co., 110 F.3d 174, 180 n.4 (1st Cir. 1997) ("In cases in which notice would contradict expectations that comport with traditional Fourth Amendment freedoms, a normative inquiry is proper to determine whether the privacy expectation is nonetheless legitimate.").

[80] U.S. at 750-51 (Marshall, J., dissenting).

[81]See also Keeping Secrets, supra note 23, at 1607 ("The truth is that the application of Katz to new technology is simultaneously normative and descriptive. Deciding which expectations of privacy are reasonable is not simply an empirical determination, but rather requires a judgment about the kind of society in which we want to live; in determining 'reasonable expectations,' we cannot divorce the level of privacy that the Constitution does protect from a judgment about how much privacy our society ought to protect. The Fourth Amendment balances the individual's claim to privacy against the societal demand for effective law enforcement.") (citations omitted).

[82]Although discussion of the types of searches and seizures the Fourth Amendment is intended to cover is typically undertaken as part of the "reasonableness" inquiry, see, e.g., Wilson v. Arkansas, 514 U.S. 927, 931 (1995), it would clearly be improper to deny a defendant the opportunity to raise a Fourth Amendment defense to a search of the type the Framers intended to prohibit merely because courts have developed a Fourth Amendment jurisprudence which is ill-suited to a new communications technology.

[83]General warrants allowed authorities to conduct searches and seizures without particularized suspicion as to place or contraband. See NELSON LASSON, THE HISTORY AND DEVELOPMENT OF THE FOURTH AMENDMENT TO THE UNITED STATES CONSTITUTION 26 (1976) (describing content and service of general warrants: "Persons and places were not necessarily specified, seizure of papers and effects was indiscriminate, everything was left to the discretion of the bearer of the warrant."). Writs of assistance, designed to help enforce customs laws, were even more intrusive than general warrants since they typically granted officers unlimited discretion in conducting searches and seizures. LEONARD W. LEVY, ORIGINAL INTENT AND THE FRAMERS' CONSTITUTION 227 (1988) (detailing 'writs of assistance' which gave customs agents and law enforcement officials broad power to search for and seize any untaxed goods, and explaining that these warrants lasted for the life of the sovereign and could be used without any showing of particularized suspicion); Barbara C. Salken, The General Warrant of the Twentieth Century? A Fourth Amendment Solution to Unchecked Discretion to Arrest for Traffic Offenses, 17 PACE L. REV. 97, 144 (1997) ("Writs of assistance were used extensively in the colonies in the 1760s and were a principal irritant to the colonists. The writs were even more offensive than the general warrants, which had at least been directed at the perpetrators of a particular offense; writs of assistance permitted unlimited discretion and . . . were designed to prevent the American colonies from trading outside the Empire."). One scholar has suggested that the widespread use of writs of assistance was the prime cause of the American Revolution. See Salken, supra at 144-45 ("The relationship of the revolution to the writs is clear. John Adams, who had been a young courtroom spectator during the argument in the writs-of-assistance case, later, wrote: 'Mr. Otis' oration against the Writs of Assistance breathed into this nation the breath of life. [H]e was a flame of fire. Every man of a crowded audience appeared to me to go away, as I did, ready to take arms against writs of assistance. Then and there was the first scene of opposition to the arbitrary claims of Great Britain. Then and there the child Independence was born. In 15 years, namely in 1776, he grew to manhood, and declared himself free.'") (citations omitted).

[84]William J. Cuddihy & B. Carmon Hardy, A Man's House Was Not His Castle: Origins of the Fourth Amendment to the United States Constitution, 37 WM. & MARY Q. 371, 372 (1980) (explaining that colonists were subject to forcible intrusion by British officials acting under authority of general warrants and writs of assistance); Phoebe Weaver Williams, Governmental Drug Testing: Critique and Analysis of Fourth Amendment Jurisprudence, 8 HOFSTRA LAB. L.J. 1, 39 (1990) ("During the period when the English were struggling to free themselves from indiscriminate searches, the American colonists were being subjected to broad and abusive searches.").

[85]Tracey Maclin, Informants and The Fourth Amendment: A Reconsideration, 74 WASH. U. L.Q. 573, 583 (1996) (citation omitted).

[86]Id. at 581 ("The general warrant, or something resembling it, was the usual protocol of search and arrest everywhere in colonial America, excepting Massachusetts after 1756."); Levy, supra note 83, at 224 (noting that 106 of the 108 warrants issued in period of 1700-1763 were general warrants).

[87]Stanley v. Georgia, 394 U.S. 557, 569 (1969) (Stewart, J., concurring) ("The purpose of these clear and precise words [in the Fourth Amendment] was to guarantee to the people of this Nation that they should forever be secure from the general searches and unrestrained seizures that had been a hated hallmark of colonial rule under the notorious writs of assistance of the British Crown."); Stanford v. Texas, 379 U.S. 476, 481 (1965) ("These words [of the Fourth Amendment] are precise and clear. They reflect the determination of those who wrote the Bill of Rights that the people of this new Nation should forever 'be secure in their persons, houses, papers, and effects' from intrusion and seizure by officers acting under the unbridled authority of a general warrant. Vivid in the memory of the newly independent Americans were those general warrants known as writs of assistance under which officers of the Crown had so bedeviled the colonists."). See also, Cuddihy & Hardy, supra note 84, at 372 (stating that the Fourth Amendment's protections "arose from the harsh experience of householders having their doors hammered open by magistrates and writ-bearing agents of the crown. Indeed, the Fourth Amendment is explainable only by the history and memory of such abuse"); Williams, supra note 84, at 39 ("The fourth amendment was the Framers' response to broad and abusive searches conducted by the British government."); Tracey Maclin, When the Cure for the Fourth Amendment Is Worse than the Disease, 68 S. CAL. L. REV. 1, 11-13 (1994) (arguing that the Fourth Amendment was the framers' reaction to a historical period where government actors demonstrated little respect for individual privacy).

[88]William J. Cuddihy, The Fourth Amendment: Origins and Original Meaning 602, 1546 (1990) (unpublished Ph.D. dissertation, Claremont Graduate School).

[89]Salken, supra note 83, at 145. See also Coolidge v. New Hampshire, 403 U.S. 443, 467 (1971) (acknowledging that colonist's chief objection to general warrants was "not that of the intrusion per se, but of a general, exploratory rummaging in a person's belongings").

[90]See Anthony Amsterdam, Perspectives on the Fourth Amendment, 58 MINN. L. REV. 349, 411 (1974).

[91]The litany of potential abuses is limitless since the proliferation of Web sites and services now allows Web users to engage in virtually any activity online. The development of online voting for political office highlights the danger of an indiscriminate clickstream search: law enforcement officers analyzing a suspect's clickstream might well learn the way he or she voted in a cyber-election. See Arizona Democrats (visited May 15, 2000) <http://www.azdem.org/breakdown.html> (describing first binding Internet election in Arizona's Democratic presidential primary in which 35,765 people cast official votes online).

[92]See United States v. Rabinowitz, 339 U.S. 56, 82 (1950) (Frankfurter, J., dissenting) ("By the Bill of Rights the founders of this country subordinated police action to legal restraints, not in order to convenience the guilty but to protect the innocent.").

[93]Vernonia Sch. Dist. 47J v. Acton, 515 U.S. 646, 669 (1995) (O'Connor, J., dissenting) ("[W]hat the Framers of the Fourth Amendment most strongly opposed . . . were general searches. . . . [T]hese various forms of authority led in practice to 'virtually unrestrained,' and hence 'general,' searches. To be sure, the Fourth Amendment, in the Warrant Clause, prohibits by name only searches by general warrants. But that was only because the abuses of the general warrant were particularly vivid in the minds of the Framers' generation, and not because the Framers viewed other kinds of general searches as any less unreasonable.") (citations omitted); Stanford v. Texas, 379 U.S. 476, 482 (1965) ("But while the Fourth Amendment was most immediately the product of contemporary revulsion against a regime of writs of assistance, its roots go far deeper. Its adoption in the Constitution of this new Nation reflected the culmination in England a few years earlier of a struggle against oppression which had endured for centuries."). See also Maclin, supra note 85, at 582 ("The newly emerging 'Americanization' of the right against unreasonable search and seizure was not confined to rejection of the general warrant. Other types of intrusion were also deemed unreasonable. For example, nocturnal searches were universally condemned. . . Unannounced entries were also denounced.").

[94]Numerous scholars have recognized that the Fourth Amendment was prefaced on the broad purpose of protecting citizens against arbitrary governmental intrusion on personal privacy. See, e.g., Maclin, supra note 85, at 584-85 ("Although it did not explicitly outlaw all discretionary searches and seizures, the [Fourth] Amendment initiated and symbolized an ideal that was uniquely American - discretionary invasions of privacy and personal security, whether by warrant or without, violated constitutional liberty. . . [W]e should remember that the Fourth Amendment was designed to check the discretionary power of government to invade individual privacy and security"); Thomas K. Clancy, The Role of Individualized Suspicion in Assessing the Reasonableness of Searches and Seizures, 25 U. MEM. L. REV. 483, 528 (1995) ("The core complaint of the colonists was not that searches and seizures were warranted, warrantless, or unauthorized actions; it was the general, suspicionless nature of the searches and seizures. . . . As they sought to regulate searches and seizures, the framers held certain principles to be fundamental, of which particularized suspicion was in the first rank.").

[95]Maclin, supra note 85, at 585 n.53.

[96]An arbitrary or excessive intrusion upon personal sanctity and privacy by government officials was widely considered the hallmark of an unreasonable search and seizure at the time the Fourth Amendment was adopted. In Boyd v. United States, 116 U.S. 616, 630 (1885), the Court explained that the values underlying the Fourth Amendment were shaped by English common law, particularly Lord Camden's opinion in Entick v. Carrington, 19 How. St. Tr. 1029 (1765), stating:

The principles laid down in this opinion affect the very essence of constitutional liberty and security. . . . [T]hey apply to all invasions on the part of the government and its employees of the sanctity of a man's home and the privacies of life. It is not the breaking of his doors, and the rummaging of his drawers, that constitutes the essence of the offense; but it is the invasion of his indefeasible right of personal security, personal liberty and private property, where that right has never been forfeited by his conviction of some public offense, - it is the invasion of this sacred right which underlies and constitutes the essence of Lord Camden's judgment.