PRIVACY + SECURITY BLOG

News, Developments, and Insights

Errors in Databases

Earlier this week, the U.S. Supreme Court decided Herring v. United States, a case examining whether the exclusionary rule should apply to a search that was based on an error in a database.

In particular, due to a negligent error in a computer database indicating that there was an outstanding felony arrest warrant for Bennie Herring, he was arrested and a search incident to arrest revealed drugs and a gun (which he was not permitted to possess since he had a previous felony conviction).

The Supreme Court, in an opinion by Chief Justice Roberts, concluded that the justification for the exclusionary rule is deterrence and that the deterrent benefits in this case were too minimal to support exclusion. The Court wrote that “the exclusionary rule serves to deter deliberate, reckless, or grossly negligent conduct, or in some circumstances recurring or systemic negligence. The error in this case does not rise to that level.”

Orin Kerr contends that the case is “a replay” of Arizona v. Evans, 514 U.S. 1 (1995), a previous case upholding a search based on an erroneous database. In contrast, Tom Goldstein argues that Herring constitutes a more dramatic curtailment of the exclusionary rule:

The opinion has nothing to do with the fact that the error here is one of recordkeeping. It applies fully to negligence by police officers in their day-to-day determination whether there is probable cause to conduct a search. If the officer makes an objectively reasonable mistake – i.e., he is merely negligent – the exclusionary rule does not apply to whatever evidence he finds. Put another way, the Supreme Court today extended the good faith exception to ordinary police conduct.

Orin disagrees, reading Herring as a narrow decision, not going much further than Evans: “In particular, I don’t see it as suggesting a general good faith exception for police conduct. Such a position would be an extraordinary shift in Fourth Amendment law that would effectively overrule a ton of cases.” Is Orin right? Is Goldstein’s fear just a Red Herring?

I hope Orin is right, but two things give me pause. First, the Court states at the beginning of Part II: “When a probable-cause determination was based on reasonable but mistaken assumptions, the person subjected to a search or seizure has not necessarily been the victim of a constitutional violation.” This is framed much more broadly than the issue in Evans, which was:

This case presents the question whether evidence seized in violation of the Fourth Amendment by an officer who acted in reliance on a police record indicating the existence of an outstanding arrest warrant — a record that is later determined to be erroneous — must be suppressed by virtue of the exclusionary rule regardless of the source of the error.

Note that in Evans the Court explicitly focuses on errors in police records.

Second, at the end of its opinion in Herring, the Court states:

Petitioner’s claim that police negligence automatically triggers suppression cannot be squared with the principles underlying the exclusionary rule, as they have been explained in our cases. In light of our repeated holdings that the deterrent effect of suppression must be substantial and outweigh any harm to the justice system, e.g., Leon, 468 U.S., at 909-910, we conclude that when police mistakes are the result of negligence such as that described here, rather than systemic error or reckless disregard of constitutional requirements, any marginal deterrence does not “pay its way.” In such a case, the criminal should not “go free because the constable has blundered.” (some citations omitted)

One could read this in two ways: (1) as signaling a broader rule, that police searches that violate the Fourth Amendment, if based on negligent assumptions rather than a higher standard of fault, will not trigger the exclusionary rule; or (2) improper police searches based on the kind of database error in this case (“the result of negligence such as that described here”) will not trigger the exclusionary rule.

Ultimately, only future cases will tell us whether this is the start of a new broader rule or just a restatement of Evans. If the Court were just restating Evans, why bother taking the case only to affirm a routine application of Evans?

As for the merits of the case–narrowed to the issue of database errors–I think that there must be some kind of deterrent in place in order to justify not applying the exclusionary rule. I agree with the Court that the exclusionary rule shouldn’t be automatic for any erroneous search. However, I find the Court’s dismissal of the potential deterrent effects of the exclusionary rule in this case to be far too glib. The Court fails to address, in the absence of the exclusionary rule, how deterrence will be enforced. The Court doesn’t seem to care — if the errors aren’t systemic, then they’re of little importance. The Court seems fixated on forcing defendants to establish that there are systemic errors in police databases, something that can be very difficult to prove. Moreover, it might be too high a threshold — a database might have a number of avoidable errors in it yet not rise to the level of systemic errors. All errors should still be deterred. There must be some kind of penalty or consequence for an error. In Herring, because of the Court’s decision, the police benefited from the error.

I would therefore hold the following: If a particular database has reasonable protections and deterrents against errors, then the Fourth Amendment exclusionary rule should not apply. If not, then the exclusionary rule should apply. Such a rule would create an incentive for law enforcement officials to maintain accurate databases, to avoid all errors, and would ensure that there would be a penalty or consequence for errors. Under Herring, there is no such incentive so long as the databases aren’t systemically erroneous.

Originally Posted at Concurring Opinions

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
*
LinkedIn Influencer blog
*
Twitter
*
Newsletter

TeachPrivacy Ad Privacy Training Security Training 01