In recent months, real-estate agents disclosed to potential home buyers that some sellers used their home surveillance cameras to remotely spy on buyers during open house tours. However, real-estate agents were not surprised about this practice, given the high value sellers place on their home and the benefit this surveillance could provide. For example, sellers might be able to find out which buyers were truly interested in buying the home using audio surveillance.\nLaw enforcement officials have an interest in gathering this information as well, with some calling upon homeowners and tech companies to surrender home surveillance recordings to prevent crime. The decision to turn over home surveillance recordings to law enforcement without probable cause or a warrant is an ethical and legal concern.\nGiven the possible consequences of home surveillance, all individuals should be able to decide whether homeowners can collect surveillance recordings and whether homeowners should offer notice and obtain consent before doing so. This post will focus on whether homeowners should give guests and other authorized individuals the ability to consent to home surveillance before entering the home. Specifically, should homeowners give visitors the ability to consent to home surveillance prior to entering the owner's home? If so, should visiting parents be offered the opportunity to consent for their visiting children? If parents can provide consent, what would that consent look like and how would devices respect informed consent, especially if children are visiting without their parents?\nWhy are home surveillance devices a growing privacy concern? \nModern home surveillance devices now allow individuals to obtain and retain video and audio recordings of other individuals for long periods of time. Some of the features touted include:\n\nVideo recording of individuals within the home\n\n\nTwo-way audio (to hear sounds within the home, record spoken words, and speak audio through the device)\n\n\nWi-Fi connectivity for both home and outside access to recordings\n\n\nMotion sensors and mobile notifications\n\n\nCloud storage for recordings\n\n \nWhy should parents care?\nAny homeowner could have video or audio recordings of you and/or your children accessible at any time of day on a number of mobile devices for an indefinite amount of time. In addition, many device features, if used improperly, could violate existing state and federal wiretapping and eavesdropping laws. Some individuals may break those laws if they do not pay attention to what conversations they are recording and how they handle storage or sharing of these recordings (see endnote 1). \nWhat is the difference between wiretapping and eavesdropping?\nThere is a distinction between wiretapping and eavesdropping. Wiretapping often indicates the use of devices to intercept, monitor, and record wire communications, while eavesdropping means to overhear, record, amplify, or transmit any part of private communication without at least one party's consent. Although distinct, the two acts often intersect.\nWhat are the federal laws?\nThere are two types of laws associated with surveillance: the common law expectation of privacy test and the Federal Wiretap Act. \nExpectation of Privacy Test\nThe expectation of privacy test is a common law doctrine, adopted by the United States Supreme Court in the late 1960s, that has traditionally been used to determine if there has been a Fourth Amendment violation of an individual's reasonable expectation of privacy. Fourth Amendment violations may occur when the government conducts an unreasonable search or seizure. To qualify as a "search" or "seizure," there must be a reasonable expectation of privacy in the thing or person searched or seized. Government entities traditionally overcome this burden by obtaining a warrant based on probable cause for all searches under the Fourth Amendment.\n \nSo what is a reasonable expectation of privacy? There are two components: a subjective expectation of privacy and an objective expectation of privacy. The subjective component asks whether the person searched had an expectation of privacy, while the objective component asks whether society would consider that person's expectation of privacy as reasonable. While the expectation of privacy test does not apply to private invasions of another's expectation of privacy (lawsuits between two individuals, as opposed to an individual and the government), it is important to consider, because objective expectations of privacy change over time, varying from technology to technology. For example, the Supreme Court held in 1976 that there is no objective expectation of privacy over some bank records, but also stated in 2018 that there is an objective expectation of privacy over cell phone location data. The recent increase in adoption of home surveillance technology could change society's objective expectation of privacy to one that tolerates less privacy in the home. Furthermore, some state laws rely on the expectation of privacy test to determine if a crime has been committed (see endnote 2).\n \nMore importantly, the expectation of privacy test has grounded constitutional privacy protections for the home and immediate surrounding areas. Examples of places and things in which one cannot have a reasonable expectation of privacy include open fields, roads, and information given to third parties. However, recent laws like California's Electronic Communications Privacy Act (CalECPA) provide more privacy protections to information shared with online third parties.\n \nFederal Wiretap Act\nThe Federal Wiretap Act makes it illegal to intentionally interfere, attempt to interfere, or influence another to interfere with oral communication using electronic, mechanical, or other devices that transmit signals through wire or radio. In other words, it is illegal to use a device to secretly listen to a conversation. This act was initially passed in response to wiretapping conversations on telegraphs, but has expanded to include telephone and internet conversations. Wiretapping, however, is permitted as long as one of the parties in the conversation, either the recorder or the person being recorded, gives prior consent. Consent can either be express or implied through actions. As always, there are exceptions to the rule, but most of these exceptions apply only to law enforcement.\n \nWhat are the state laws?\nState wiretapping and eavesdropping laws vary; however, there are typically two categories under which a state's laws can fall: one-party consent or two-party consent. One-party consent states, like federal law, only require that one party in the conversation provide prior consent to wiretapping. A whopping 38 states and the District of Columbia fall within this category. In contrast, 12 states, including California, are two-party consent states. This means that both parties to a conversation must provide express or implied consent prior to recording. For the purposes of this discussion, we will focus on California law. For information about each state's wiretapping and eavesdropping laws, click here.\nCalifornia Invasion of Privacy Act (CIPA)\nThe CIPA makes it illegal for a person to intentionally eavesdrop or record a confidential communication using electronic amplifying or recording devices. Under CIPA, "confidential communication" means "any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto." California courts have debated the definition of "confidential communication," ultimately deciding that its meaning is based on the objective expectation of privacy, as discussed above. In the end, objective expectations of privacy depend on the totality of the circumstances to indicate whether or not one could reasonably expect to have privacy in the conversation. Consider this case, where an undercover NBC film crew did not violate objective expectations of privacy when it recorded two telecommunications representatives in a restaurant without their consent.\n \nShould parents and/or their children expect some level of privacy in another person's home?\nThis question is really two-fold: (1) In general, can a person have a reasonable expectation of privacy in someone else's home, and (2) does a conversation in someone else's home fall within the definition of a "confidential communication"?\nCan you have a reasonable expectation of privacy in someone else's home?\nIt depends. Because the expectation of privacy test relies on factual circumstances, your expectation of privacy may or may not be reasonable depending on which area of the person's home you claim to have privacy. \nFor example, society would likely argue that you have an expectation of privacy in the homeowner's bathroom, but not their living room. In fact, society may even deem conversations as private when they are held in the bathroom but are unknowingly audible outside of the bathroom. On the other hand, society would not likely support an expectation of privacy in the living room, because guests are expected to have conversations with people outside of the home or family. For example, a federal appeals court dismissed a medical lab's lawsuit against ABC Broadcasting Company for filming within the facilities, because parts of the lab were open to the public and none of the conversations recorded were of a personal nature. \nDoes a conversation in someone else's home fall within the definition of "confidential communication"?\nFactual circumstances indicate whether or not the speaker had an intent to keep the conversation confined. If a conversation is not in public, there is likely an intent to keep the conversation private. The line between public and private is often ill-defined. While some guests may consider another's home as a private place, others may consider these guests' expectations as unreasonable. Perhaps, lawmakers and/or courts will answer this question more definitively in the near future.\nShould homeowners warn parents of home surveillance devices before those parents or their children enter the home?\nThere is already a consensus that all homeowners are free to install any home surveillance device they choose, but there is also discomfort in knowing that someone is surreptitiously listening to your conversations. A homeowner must warn people that devices may be recording them in two-party consent states. In one-party consent states, warning efforts are left to courtesy. Verbal warnings are not the only option, however. Warning lights, sounds, posted placards, personal detection apps, and screen readouts are some recommended examples to provide notice to guests in the home that recording devices are present and collecting information.\nIf you as a homeowner are uncomfortable disclosing this information to guests, then you could turn off any recording devices before guests enter your home, or at a minimum, do not share or otherwise disclose your video or audio recordings of your guests. This is especially important for audio recordings because they trigger wiretapping and eavesdropping laws. \nIf possible, homeowners can edit recordings to remove all or parts of audio or video when guests do not provide consent. Members of both the Texas Association of School Boards and the Ohio School Boards Association recommend editing as a technique to de-identify students who have not consented to recording but have already been recorded.\nCan surveillance warnings apply to nontraditional surveillance devices as well as to traditional home surveillance cameras?\nBaby Monitors\nAside from the Amazon Echo and the Google Home, there are a number of devices that could qualify as surveillance devices depending on how they operate and what they record. The one most parents do not suspect are wireless network-enabled baby monitors, which have appeared in the news in recent years for their poor security and easy hackability. Like home surveillance cameras, these new-age baby monitors feature two-way audio, cloud storage, video and audio recording, and Wi-Fi connectivity. In exchange for ease of use and accessibility, parents could potentially provide hackers with access to video of their children's room, often at a cost to both the parents' and child's privacy. If a baby monitor records audio (a majority of which do), then the recordings may be subject to a reasonable expectation of privacy (depending on where the monitor is placed) and applicable wiretapping laws.\n \nSmart Thermostats\nAnother unsuspecting surveillance device is a smart thermostat. Smart thermostats tout their abilities to conserve energy usage when a user is away from home. To do this, smart thermostats require users to install apps on their mobile device to know the user's location or to schedule rules based on the time of day. Using a combination of motion sensors within the thermostat at home, the user's mobile location (geofencing), and previous adjustments to settings over long periods of time, smart thermostats can anticipate a user's optimal temperature for all times of the day. For example, a smart thermostat could automatically increase or decrease the temperature to 70 degrees every day at 7:00 a.m. because the device has learned that this is the desired temperature from past settings. At 4:30 p.m., the thermostat could also decrease the temperature of the home because data from the mobile app and past settings informed the thermostat that the user is likely headed home and desires the home to be at a colder temperature when they arrive. \n\nWhile smart thermostats seem innocuous, they can easily know exactly what their users do every day by logging location and motion sensor data. This data, like the device itself, can be shared with smart home devices like the Amazon Echo and other third parties. Although there is no explicit expectation of privacy for smart thermostats, courts may one day deem that data collected from users through geofencing (regardless of device type) is subject to an objective expectation of privacy, much like cell tower-generated location data as mentioned previously. \nWi-Fi or Bluetooth-Enabled Smart Devices\nAlthough it's unconventional, researchers have used Wi-Fi and Bluetooth signals to identify a person's location and/or movements within a confined space. \nHow do Wi-Fi-enabled and Bluetooth beacon devices work? First, Wi-Fi routers and Bluetooth beacons send requests for information to nearby devices. Routers are devices that control information flow through different computer networks. Nearby Wi-Fi and Bluetooth devices respond to these requests by sending information back to the router or beacon. The beacon or router then sends information back to the device, making adjustments throughout the process to tailor efficient communication with each connected device. This process also allows a router or beacon to determine a device's proximity to the router or beacon based on its signal strength, which individuals can use to triangulate the device's relative location.\nResearchers have successfully used Wi-Fi information from a router to identify people's movements. Because bodies can absorb, disrupt, or otherwise interrupt Wi-Fi signals, researchers can use records of these interruptions to determine different movements. Bluetooth-enabled devices can also record a person's presence relative to another Bluetooth-enabled device; however, the accuracy of this information depends on the devices' signal strength. At times, the signal strength can vary so greatly that it is impractical to accurately determine one's distance or location.\nBecause these devices have a large wireless range, there may likely be a reasonable expectation of privacy within a Wi-Fi signal range if the range includes an area with an existing reasonable expectation of privacy, such as the bathroom. It is more difficult to argue that one has a reasonable expectation of privacy in a specific Wi-Fi signal range, because this range is not definitive and crosses physical borders. Moreover, because current eavesdropping laws apply to audio recordings, there may not be a default reasonable expectation of privacy in Wi-Fi signal data. In the near future, lawmakers and/or courts may be asked to consider the pervasiveness of data from Wi-Fi-enabled devices in the same vein as cell tower-generated location data. \nAre there possible solutions to protect parents and children from home surveillance without consent?\nTo obtain informed consent, manufacturers could include a common spoken command for all devices that are marketed for home surveillance that could respond to guests. These commands could be either auditory warnings, such as "Stop recording," or mobile phone notifications sent to users when connected to the same Wi-Fi network as the router or same Bluetooth range as the beacon. Manufacturers could also send notices to mobile devices asking for consent from guests by taking advantage of Wi-Fi and Bluetooth signals that are continuously emitting from unrecognized devices. Although guests would have the ability to opt in, this solution would still require manufacturers to collect information about the device and its location prior to obtaining user consent. Manufacturers should understand that information collected for the purpose of obtaining consent should not be retained because this information alone could provide deep insight into the private homes, people, and locations that individuals visit.\nAs for parents, if home surveillance is present, a fast and feasible solution is to request that you and/or your children meet other individuals in public places, such as parks and restaurants. However, because people cannot have a reasonable expectation of privacy in public, all parties should be aware that undisclosed surveillance could be present, such as outdoor security cameras. \nAnother option is to ask the homeowner whether or not they have indoor home surveillance cameras and/or smart home audio recording-enabled devices before entering the home. This allows parents to control consent, rather than relying on manufacturers, by allowing parents to ask homeowners to turn these devices off. In communicating privacy choices with informed consent on behalf of yourself and/or your child, you effectively educate the homeowner about how their surveillance devices may affect other people's privacy, and advocate your own expectation of privacy for your children. When it comes to privacy and surveillance, conscious advocacy normalizes consent for the collection of information and increases society's objective reasonable expectation of privacy in the home. \n\t \n\nEndnotes\n1. See Federal Wiretap Act, 18 U.S.C. \u00a7 2511 (2018); California Invasion of Privacy Act, Cal. Penal Code \u00a7\u00a7 630-638.55 (2018). \n2. See Flanagan v. Flanagan, 27 Cal. 4th 766, 774 (2002) ("So construed, the [California Invasion of Privacy Act] includes within the statutory protection any conversation under circumstances showing that a party desires it not to be overheard or recorded [, . . . ] then excludes a conversation under circumstances where the party reasonably believes it will be overheard or recorded.").