Oh, The Places You’ll Go: Mobile Geolocation Data and the 4th Amendment – Lexology (registration)

Posted: June 28, 2017 at 5:56 am

Early this month, the U.S. Supreme Court addedCarpenter v. United Statesto the roster for consideration in the upcoming October term.Carpenterwill mark the Courts first chance to address an important, as-yet unresolved question in the digital age: Does the Fourth Amendment require a warrant for law enforcement officials to obtain cell site location information, or CSLI, which reveal the location and movements of a cell phone user?

The case will address the tension between the Fourth Amendment and the Stored Communications Act, which Congress enacted as Title II of the Electronic Communications Privacy Act of 1986. The SCA specifies procedures that law enforcement may use to obtain certain records from third-party electronic communication services or remote computing services. But it does not require a warrant. Since its enactment, third-party service providers have routinely cooperated with law enforcement requests to disclosesubject to certain statutory requirementscustomer data. And notably the petitioner here does not attack the constitutionality of the SCA. Rather,Carpenterasks whether companies should require a warrant, supported by particularized findings of probable cause, before disclosing CLSI. This question has caused considerable doubt among service providers, which must balance responding to law enforcement demands for information with the privacy interests of their customers, and which also require a clear roadmap about what the appropriate procedures are.

The uncertainty among service providers responding to requests for customer information under the SCA is exacerbated by the existence of a significant circuit split concerning whether the Fourth Amendment applies to CSLI. There have been no fewer than 18 separate majority, concurring and dissenting opinions across five circuit courts on the issue, and courts have fractured over whether there is any reasonable expectation of privacy in CLSI and other customer data.Carpenterimplicates three different strains of Fourth Amendment jurisprudence: (1) the third party disclosure doctrine, (2) the physical trespass doctrine, and (3) the distinction between content and non-content information. The case will have the Court decide whether these doctrines, which first arose in the pre-digital world, still have continuing vitality today. And it will allow the Court to consider whether the accumulation of data by third-party service providersnow commonplacegives rise to any new privacy interests under the Fourth Amendment.

Background

In connection with the investigation of a series of armed robberies, federal prosecutors moved under the SCA for court orders requiring two cellular service providers to disclose 187 days of phone records, including CSLI, for petitioner Timothy Carpenter. Based on the CSLI, the government charged Carpenter with aiding and abetting robbery. Carpenter moved to suppress the evidence, but the district court rejected Carpenters argument and held that the governments collection was not a Fourth Amendment search. On appeal, the Sixth Circuit affirmed, holding (1) that the records did not disclose the contentof communications and thus were not entitled any Fourth Amendment protection; (2) that the disclosure of the records to third-party cellular providers defeated any reasonable expectation of privacy under the seminal caseKatz v. United States, 389 U.S. 347 (1967); and (3) that the physical trespass doctrinewhich the Supreme Court had revived in its recentRiley v. California, 134 S. Ct. 2473 (2014), andUnited States v. Jones, 565 U.S. 400 (2012), decisionsdid not apply.

Concurring in the outcome on alternative grounds, one member on the panel, Judge Jane Branstetter Stranch, wrote separately to air her concerns about the Fourth Amendment tests that courts have applied in this rapidly changing area of technology, especially in light of the sheer quantity of sensitive information procured without a warrant.

The Old Ways Just Dont Work

Carpenterdemonstrates the difficulty of applying the canonical tests under existing Fourth Amendment jurisprudence to the modern day. For example, there is the third party disclosure doctrine, which grows out ofKatzs reasonable expectation of privacy test. For someone to have a reasonable expectation of privacy in a piece of information, (1) that person must subjectively exhibit an expectation of privacy and (2) that expectation must be objectively reasonable. The core concept is that people have no reasonable expectation of privacy in any information they disclose to third parties, because they already subjectively surrendered any such expectation with the fact of disclosure. Where the doctrine applies, you cannot even get past the first step of theKatzframework, andKatzhas remained black letter law on the books for half a century now. But in the digital age, where persons passively disclose so much information about themselves (and their whereabouts) to third parties at all times, what reasonable expectation of privacy could possibly be left?

Or take the related distinction that the Fourth Amendment marks between content information and non-content information, such as addressing. The idea here is that a person has no reasonable expectation of privacy in non-content information, because that is frequently disclosed, either to third-party service provider or to the public more broadly. Consider, for instance, a package sent through the mail: itscontentsare unknown and thus the sender has a reasonable expectation of privacy in that. But all other information about the packagethe return and target address, the amount of postage on it, its size, shape, and weightis ascertainable by any mail carrier or member of the public that comes into contact with it. And so there is no reasonable expectation of privacy in that kind of information. On balance, CLSI appears closer to what courts have traditionally considered addressing or other non-content information: it does not tell you what a person said or did, it just shows you where a person was.

Finally, there is the trespass theory of the Fourth Amendment, which the Supreme Court resurrected in its recent cases dealing with technology. InJones, the Court held that the unauthorized placement of a GPS tracker on a car for long-term surveillance triggered Fourth Amendment protections. Similarly, inRiley, the Court held that law enforcement needed a warrant to search a mobile phone. But this trespass notion does not appear to have any place inCarpentereither. Police did not track Carpenter, or break into his cell phone; they merely asked for records from a third party who kept them.

None of these doctrines apply cleanly. Still, given the accumulation of information, there is still some visceral notion that the Fourth Amendment should apply here. The only question is how?

How MayCarpenterResolve This Tension?

While the petitioner here did not request a full rejection of the third party disclosure doctrine, the Court may cull back on the third party disclosure doctrine. Chief Justice Robertss majority opinion inRileysuggested that persons still have some reasonable expectation of privacy in sensitive information collected over mobile phones and stored by service providers. Similarly, Justice Sotomayors concurrence inJoneswarned against a strict application of the third party doctrine: I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose, is for that reason alone, disentitled to Fourth Amendment protection. In both cases, the Court signaled that stringent adherence toKatzmay stop making sense as technology evolves. But those cases both side-stepped the issue by instead turning to the doctrine of physical trespass, and that doctrine cannot sensibly apply to the facts ofCarpenter.

It is also possible that the Court might create a new strain of jurisprudence based on the quantity of records requested. Such an approach would likely introduce certain issues of line-drawing, for instance, if a warrant is required for long-term tracking, while the SCA is sufficient for short-term. But, as Justice Samuel Anthony Alitos concurrence inJonesand Judge Stranchs concurrence in theCarpentercase point out, that might be appropriate. After all, in the modern era, it is not the disclosure of individual, isolated data points that seem problematic, but rather the accumulation of that data over time.

Which test will the Court apply? Service providers, and their customers, will have to wait until this October term to find out.

Here is the original post:
Oh, The Places You'll Go: Mobile Geolocation Data and the 4th Amendment - Lexology (registration)

Related Posts