A Supreme Court case this week could change US digital privacy standards

As the leaves fall, the high court mulls privacy in a time of change.
As the leaves fall, the high court mulls privacy in a time of change.
Image: Reuters/Yuri Gripas
We may earn a commission from links on this page.

You wouldn’t leave home without your smartphone. It gets you everywhere you need to go, and keeps you connected. But, by pinging nearby cellphone towers, it’s also leaving a trail of digital breadcrumbs that the government can follow.

This location data tells a story about where you’ve used your phone. Whether that story is protected by the Fourth Amendment of the US Constitution, which prohibits unreasonable searches and seizures by the government, is a question now before the US Supreme Court. On Nov. 29, the justices will hear oral arguments in Carpenter v. US (pdf), a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data.

For now, they do not. Mobile-service providers collect “cell site location information” (CSLI) for all phones, ostensibly to use for things like improving their networks. The US government considers these data “routinely collected business records” rather than private information. That means it can demand the records without proving probable cause.

That’s what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter’s trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter comings and goings.

In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider’s service, he agreed that his call records weren’t private information belonging to him, but rather business records belonging to the company. Therefore, he should have “no reasonable expectation of privacy” when it comes to these records, government attorneys wrote.

Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller. The appeals court concluded that, under what’s called the “third-party doctrine,” Americans don’t have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.

Carpenter appealed. ”Tracing a person’s geographical movements reveals highly sensitive personal information, and prior to the digital age, people reasonably expected that police in most investigations would not have followed a person and recorded her every movement for days or weeks on end,” Carpenter’s attorneys at the American Civil Liberties Union wrote in their August appeal to the Supreme Court (pdf).

The high court agreed this past July to hear the appeal, and to consider whether this age demands a new, more nuanced approach to data privacy questions.

Carpenter’s attorneys liken cumulative location-data collection to long-term GPS tracking. Cops can’t just attach a GPS to a car and secretly track a suspect without probable cause, based on US v. Jones, a 2012 Supreme Court case. The same standard should apply to CSLI, they write: “When the government employs new technology to obtain sensitive personal information in a way that diminishes the degree of privacy that individuals reasonably expected prior to the technology’s adoption, it conducts a search under the Fourth Amendment.”

This case has major implications for all US cellphone users, which includes about 95% of Americans. Technology companies, like Apple, Amazon, Facebook, Google, Twitter, Verizon and many others joined in an amicus curiae brief supporting Carpenter and arguing that even “non-content data” like location should be private, and protected by the constitution.

This matters to these companies not just because they deal with smartphone data, but also because it could influence the future of cloud-connected devices. The internet of things could be a lot less appealing if consumers thought that connecting their homes, cars, fridges, computers, and phones was just making them easy targets for government intrusion.

Other groups that have no financial stake in the outcome agree. Columbia University’s Knight First Amendment Institute filed an amicus brief (pdf) arguing that authorities should be forced to get a warrant based on probable cause in order to access mobile phone location data. The institute made its case on the the basis that our relationship to smartphones is exceptionally intimate. They argue:

CSLI tracking is personal…[and] highly likely to correspond to the precise location of an individual. This contrasts with other surveillance technologies, such as GPS devices attached to cars, which generally remain on roads, in driveways, or in garages. In contrast, the majority of individuals carry their phones on their person or within several feet the majority of the time. This means that CSLI allows the government to track individuals, not just cars, and through private spaces, not just public ones.

Critics say the 1970s precedents authorities are relying to justify obtaining this information is dated. An active smartphone-user’s device connects to cell towers hundreds of times a day. That’s the state of things right now; however, the amount of data collected by tech companies is likely to grow in coming years as towers proliferate and society becomes increasingly reliant on connected devices. The story these location pings tell will probably get ever-more granular and revealing with time.

Americans on the left and right don’t agree on much of late, yet this is one case that unites many. The government’s critics in this case include the Gun Owners Foundation, Gun Owners of America, Inc., Citizens United, Citizens United Foundation, Downsize DC Foundation, the Conservative Legal Defense and Education Fund, and other conservative organizations who joined in an amicus brief for the petitioner. In their filing, they write: “The government certainly cannot rely on supposed voluntary submission of data to a cell phone provider when it was the federal government that designed the very system of cell phone use that now exists.”