Mike Masnick shares a link at Techdirt to a new paper that tackles how the 3rd party doctrine has been argued by some to apply to any data stored online. He frames his comments as part of the larger trend, charted through a couple of key court cases, of trying to map out the exact contours of legal protections for privacy in the “cloud”.
The analogies to unprotected phone numbers vs. the content of actual calls, the pre-net example the paper considers, superficially make sense. However, extricating these two classes of information is much more problematic than with plain old telephony. Seemingly safe to reveal metadata about web pages requested can still be used to deduce far more private information than with a telephone number. The example I’ve seen cited is how even just an IP address and a count of bytes transferred in a single request can yield a specific web page or document with a high degree of accuracy.
I wonder if the 3rd party doctrine is the wrong framing here. Not that I can suggest a more constructive alternative but due to the architecture of the network systems we use, I am not optimistic that we can fruitfully tease apart innocuous data from the easier to spot personal data.