When Massachusetts Institute of Technology professor Stuart Madnick teaches his class on the ethics of cybersecurity, he begins by polling his students on whether they highly value privacy. Year after year, the results are consistent: nearly all of his students agree.
Then, he polls them on whether they highly value security. Again, he receives a near-unanimous affirmation. His third and final poll gets at the crux of his lesson: What happens if data privacy and security are pitted against one another? Which one becomes more important?
Suddenly his students’ opinions scatter across the spectrum.
This tension between security and privacy is a perennial question for the US Supreme Court, and its latest incarnation comes in the form of Carpenter v. US, which the high court is hearing arguments on today (Nov. 29). The case, which hinges on whether the government needs a warrant based on probable cause to see your cell-phone location data, could have far-reaching implications on consumer privacy in the digital age.
“The ruling is highly critical,” Brenda Sharton, a litigation partner and chair of law firm Goodwin’s privacy and cybersecurity group, told Quartz. “Each time the US Supreme Court opines on these matters, it’s highly relevant to what happens in your life.”
And if the court rules in favor of easy reach for law-enforcement authorities, there may not be much you can do to avoid having the government know where you have been at all times—short of giving up your phone.
As Quartz’s Ephrat Livni reported in her explanation of the case, it grew out of the criminal conviction of Timothy Carpenter, who was accused of a series of armed robberies in Detroit, Michigan. At trial, prosecutors used 127 days of cell-phone location data to help make their case. But they obtained the nearly 13,000 data points from private companies without probable cause. Carpenter sued, arguing that such data collection was illegal. Prosecutors in turn argued that Carpenter had turned over ownership of his call records to a third-party business when he signed up for his phone service and had “no reasonable expectation of privacy.”
The Supreme Court must now decide whether the government violated the Fourth Amendment—the constitutional protection against unreasonable searches and seizures, which requires that the government to seek a warrant based on probable cause before searching private information and spaces.
What concerns a long roster of big tech companies and conservative organizations that have filed amicus briefs to side with Carpenter is the potential consequences of a ruling in favor of the government. If the court determines the government doesn’t need probable cause to access volumes of individuals’ location data, it could open the doors to a new era of official surveillance.
“The use of a cell phone is something that is nearly universal, so you’re talking about a full panoply of data that wasn’t previously available to the government,” says Sharton. “As this data is becoming more and more prevalent and sensitive and people are using it more and more, you’re broadening the government’s power just by means of technological advance.”
Under such a ruling, short of ceasing to use a cell phone, consumers would have no way to opt out of exposing their location data to the government.
In the most extreme scenario, the court could also broaden its potential ruling to reach beyond third-party cell location data and include all third-party data. At that point, far more personal information would be exposed to government scrutiny without a warrant, including “all the contents of your email, the family photographs and documents you store in the cloud, the information that you send to Fitbit or to a health app about yourself,” says Pincus. Again, a consumer would have no reasonable way of protecting their privacy.
The probability of this extreme case is not very likely. “I think whatever ruling you see it will be narrowly tailored to the facts of the case, says Sharton. In Riley v. California, for example, a similar Fourth Amendment case in 2014, the justices gave a ruling that only applied to the specific details in question. “They tend to rule on something in a narrow way because they want to maintain some flexibility down the road,” Sharton says.
A ruling in favor of Carpenter wouldn’t necessarily ease privacy concerns. Without access to an individual’s location through a cell provider, the government could still tap into other sources, such as public cameras, to obtain the same data. Sharton points out that the question isn’t “can the government get it or never get it. We’re talking about simply putting the government through a hurdle and that hurdle is the Fourth Amendment.”
Carpenter won’t be the last Supreme Court case on digital privacy. “So much of what we are increasingly relying upon involves being able to track people maybe anonymously or maybe in an aggregate manner,” says Madnick, who heads MIT’s Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity.
Given that, it won’t be long before the question will arise again: “If you have that ability,” Madnick continues, “can you in some sense hinder or prevent its use in a more individual manner?”
Madnick adds a reminder: “In the end, everything is reversible over time.” As a result, the privacy question is “one where society at large, your readers, need to think about how they feel about it, and ultimately that consensus will percolate to society and will set the standards.”