4th Amendment should protect cellphone data

OCTOBER 2017 TERM

Do you carry a cellphone? If so, you should know that your location is tracked, and the government can obtain that information. The U.S. Supreme Court is about to decide a case that could affect your privacy rights: Carpenter v. United States. As our reliance on technology becomes more ubiquitous, questions regarding fundamental rights to privacy become ever more significant. The Supreme Court can ensure the Fourth Amendment continues to protect Americans for years to come.

We live in a world, where we can check our emails, order food, search for directions, and pay our bills using a single small device that we carry everywhere. It is difficult to imagine life without cellphones; these devices have become more than a mere convenience. As we use our cellphones, third parties, such as wireless carriers and email providers, collect vast amounts of information about our use of their services.

Our cellphones connect to cell towers throughout the country. Generally, these devices tend to connect to the cell tower in closest proximity. Wireless companies keep records of the cell towers that each phone connects to throughout the day and, in essence, keep records of their customers’ proximate physical locations and movements. As the number of cell towers continues to increase, and technology continues to advance, location data becomes more accurate.

This location data is sensitive and can be very revealing. In her concurring opinion in United States v. Jones, 565 U.S. 400 (2012), Justice Sonia Sotomayor noted the private and personal nature of the information that location data can reveal, albeit in the context of GPS monitoring. She explained how location data can reveal “a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”

Today, it is not possible to use technology and stay connected without transmitting sensitive data. Do Americans relinquish their expectation of privacy in their location information simply because their wireless carriers have it?

In Jones, Justice Sotomayor noted, “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.” When the third-party doctrine was introduced in the 1970s, technology looked very different from today and it played a vastly different role in people’s lives. One thing is clear: Technology was not as pervasive and portable, and more importantly, it was not as necessary.

While conducting criminal investigations, law enforcement agencies request information from wireless carriers and other service providers about customers. According to AT&T’s Transparency Report, the company received more than 100,000 U.S. requests for information between July and December 2016. Google’s Transparency Report reveals that during the same period, the company received more than 13,000 user data disclosure requests from U.S. authorities.

There are restrictions on the type of information law enforcement can obtain, depending on the legal process at hand (subpoena, court order, warrant, or other types of requests). For example, to obtain basic subscriber information (e.g., the subscriber’s name or address), law enforcement generally do not need a warrant and can obtain such information with a subpoena. However, to obtain “content of communications,” law enforcement need a warrant. In United States v. Warshak, 631 F.3d 266 (6th Cir. 2010), the 6th U.S. Circuit Court of Appeals held that people have an expectation of privacy in email content, and that law enforcement need a warrant to obtain that information. The standard to obtain a warrant is higher; law enforcement must make a showing of probable cause.

Law enforcement can request a court to issue what is known as a Section 2703(d) order under the Stored Communications Act, 18 U.S.C. Section 2703(d). The court order would grant law enforcement more information than can be obtained with a subpoena, but less information than can be obtained with a warrant. Law enforcement can obtain what is known as “transactional records” with a Section 2703(d) court order. To obtain such an order, the standard is whether there are “specific and articulable facts showing that there are reasonable grounds to believe” that the information sought “is relevant and material to an ongoing investigation.” In Carpenter, law enforcement obtained cell tower location data pursuant to a court order, because, as the lower court explained, they are records that “fall on the unprotected side of the line. Those records say nothing about the content of any calls.” 819 F.3d 880, 887 (6th Cir. 2016). This location data, however, has the potential of being as revealing and as private as the content of an email.

In Carpenter v. United States, law enforcement used historical location data for a period of 127 days (over four months) to show that Carpenter had been in the vicinity of a string of robberies. The question that arises from the case is whether the government needs a warrant to obtain historical cellphone records revealing the location and movement of a cellphone user over the course of 127 days. It is a rather narrow question, but the answer will have greater ramifications on privacy rights for years to come. Cell tower data is not the only sensitive location data that is transmitted — there are other sensitive data that can reveal location, such as an IP address.

Some lawmakers have already recognized the sensitive nature of location data and the importance of protecting it. In California, for example, under the Electronic Communications Privacy Act (CalECPA), location data, even IP addresses, are considered “Electronic Communication information,” entitled to a heightened level of protection, and generally require a warrant for historical information. In July, U.S. Sens. Mike Lee (R-UT) and Patrick Leahy (D-VT) introduced the ECPA Modernization Act, which would require a warrant for location information.

To hold that Americans have an expectation of privacy in location information does not preclude law enforcement from obtaining this valuable data. Law enforcement would still be able to obtain this information with a warrant, upon a showing of probable cause. As the use of technology has become a necessary, pervasive, and integral part of our daily lives, it is imperative to safeguard the massive amount of sensitive information from unreasonable government intrusion. Let’s hope the Fourth Amendment continues to protect Americans in this digital age.