State Sen. Jim Runestad had seen his proposal die on the Senate floor without a vote twice already as a member of the House. He decided to push for it once more when he was sworn into the Senate in 2019, and it almost died again. It came down to right before the Senate broke in the spring.
“That very last day,” Runestad said. “The last minute of the last day, it passed unanimously off (the) floor. If it didn’t pass it wouldn’t have been on the ballot.”
Runestad’s proposal, which is now before voters as Michigan Proposal 20-2 on the November ballot, would amend the state constitution to require government and law enforcement officials have a search warrant to access a person’s electronic data or electronic communications.
If passed, the amendment would make Michigan the third state with such a law.
As life becomes increasingly online, the issue of data privacy has become more pressing. An individual’s online data can range from their web browsing history to what they watch on Netflix to the routes they drive to work, said Johannes Bauer, a professor of media and information at Michigan State University.
“(It is things about ourselves) that we may, historically, have been very comfortable sharing with a small group of people that we trust, but not necessarily that we want to broadcast widely,” Bauer said.
Bauer said online data from different sources —for example, a cellphone and a computer —can be combined to create a profile of an individual.
“All of the sudden you are able to put together details and reconstruct individuals’ whereabouts and their activities in ways that were impossible before,” Bauer said.
He said people also often have limited ability to understand what of their data is available. Law enforcement agencies have made good use of this information using tools — called Stingray and Hailstorm — that mimic phone towers to pinpoint a person’s location and gain access to all of the information on their cellphones.
Runestad said this technology is the reason he pushed so hard for the proposal. He said law enforcement can use them with little accountability.
“So unless it is very securely kept and you have good policies in place,” Runestad said, “the abuses could just be enormous with this kind of equipment.”
According to a 2015 report issued by the ACLU, state police in Michigan have spent hundreds of thousands of dollars using this kind of equipment since 2006 to locate and track cellphones.
Derek Carr, president of HelpDesk LLC, a Lansing-based information technology company that provides data management and security, said he has worked with law enforcement agencies and knows about the data collection process when served with a warrant.
“Information that is gathered in the process of a search warrant has evidentiary rules wrapped around its collection, storage, retention and use,” Carr said in an email.
These processes that come with a warrant add structure and expectations to an otherwise unregulated practice. Although not enshrined in the constitution or law, it is common practice for law enforcement to receive authorization before seizing an individual’s data, yet Bauer said there is still reason to put it into the constitution.
“If it’s embedded in a constitutional statement, then you have a higher power of enforcement,” Bauer said.
A constitutional amendment also gives future court and common law cases a base to from which to build as additional questions about data security and online privacy are raised.
The current proposal creates exceptions under exigent circumstances, which Runestad said would be in situations where immediacy could mean saving a life, like in the instance of a child who has been kidnapped.
Where you don’t have time for anything,” Runestad said, “you have to instantaneously pursue this person using whatever technology you can, or the child’s going to be dead.”
Carr said consumers need to be more cognizant of the technology in their homes and what kind of data it might collect.
“If you take a look around many American homes the number of digital devices is increasing,” Carr said. “Any digital device with a camera or microphone that is connected to a network has the potential to be hacked, or used in an unexpected way.”