Keep up with the latest developments and legal issues in the telecommunications and emerging technology sectors, with exclusive access to a comprehensive collection of telecommunications law news,...
By Chris Ott, Davis Wright Tremaine LLP
On June 22, 2018, the United States Supreme Court appeared to establish a new standard for privacy rights when its decision in Carpenter v. United States, 2018 BL 222220 (2018) , held that the government’s acquisition of a defendant’s historical cell-site location information (CSLI) from a third party constituted a Fourth Amendment search. The public reaction to the ruling was swift and dramatic. But a closer look reveals significant gaps in the privacy protections created by the case. Far from defining a new era of privacy law, the decision provides a precariously narrow and potentially problematic precedent.
Many observers expect Carpenter to expand Fourth Amendment protections over new types of personal information. Some of these expectations flow from the nature of CSLI itself. CSLI is data collected by an individual’s mobile phone service provider, which, to greatly simplify a complex matter, records the time and the angle of signals hitting the provider’s wireless antenna towers, allowing anyone with the data to approximate the phone’s location. The person about whom the data is collected—Carpenter in this case—never possesses the data and has little control over its collection and use. See generally 47 U.S.C. § 222 (giving telecommunications carriers control over the disclosure of proprietary information relating to telecommunications services). By acknowledging a personal privacy right in this mobile phone location data, the Supreme Court effectively reversed earlier precedent and acknowledged a new right regarding data developed and maintained by third-party technology companies. If the defendant in Carpenter has an expectation of privacy in CSLI data, he must surely have an expectation of privacy with respect to the reams of data created by new technology companies interested in his movements and activities.
Not so fast.
For one, the decision’s factual scope is explicitly narrow. The Court declined to decide whether obtaining historical CSLI data covering less than one week of activity would require a warrant. Carpenter, 2018 BL 222220, at *51 n.3. Thus, the decision on its face does not even bar all warrantless CSLI collection. Perhaps more perplexing, the decision does not bar “tower dumps,” which is the download of everyone’s cell service location data—not just a suspect’s—in a wedge-shaped area covering up to four square miles from a particular tower. Carpenter, 2018 BL 222220, at *17.
Second, the Court’s refusal to issue broad restrictions on warrantless information collection makes it clear that the third-party doctrine lives on. That doctrine, which flows from the Supreme Court’s decision in United States v. Miller, states that the Fourth Amendment does not protect individual records voluntarily shared with a third party. 425 U.S. 435, 440-46 (1976). Carpenter is a narrowly-tailored exception to the doctrine, exalting a person’s “reasonable expectation of privacy” in a “novel” and “unique” set of information that is nevertheless voluntarily handed over to and owned by a third party. See Carpenter, 2018 BL 222220, at *9. The Supreme Court apparently sees no tension between Carpenter and Miller, but provides no concrete test for restricting the application of the third-party doctrine. The absence of clear guidelines may further narrow and confuse the scope of the Carpenter decision.
Finally, it is important to acknowledge that Carpenter only applies to searches by the government, as no private access to CSLI would implicate the Fourth Amendment. Therefore, the decision does little to assuage the growing modern privacy concerns increasingly focused on collection and sharing of data not by the government, but by private companies.
To compound its problematic scope, the Carpenter decision fails to address the concerns posed by the more mature forms of location-based data. In fact, it is at least a decade behind current technology. The government investigation at issue in the case occurred in 2010 and 2011, before ride-share applications, which track precise GPS movement, had begun to reach their current level of ubiquity. The types of personal data collected by third parties today have far greater breadth and specificity than CSLI, which could only narrow an individual’s location to an area ranging from a dozen to a hundred city blocks. The new data also generates what can be categorized as “fourth party” privacy concerns, where third-party vendors collect information to share with fourth parties.
CSLI’s geographic precision cannot compete with the data compiled by modern map applications, ride-share applications, or even casual dating programs. All of these applications involve affirmatively sharing one’s geographic and personal information with third parties to aid in interactions with fourth parties. Often, the purpose of these applications is to share that location data with the fourth party: the outside contracting driver or the potential date. Companies increasingly employ tracking cookies of various subtypes in order to catalog web browsing habits, location, and content for sale to fourth parties. Today, these transactions are the reason users see ads for local restaurants upon landing in new cities. In the future, the application of these technologies will lead to entirely new analytical problems, and Carpenter does not even hint at how those problems might be resolved.
Consider also the issues posed by the proliferation of autonomous navigation. According to current thinking, the successful deployment of autonomous driving technology will rely on connection to upcoming 5G networks. Without getting too technical, such a system will involve numerous private governmental networks sharing location data to facilitate vehicle navigation and increase personal safety on public roads. This data, by necessity, will be comprehensive, exacting, and shared with governments. Had CSLI been systematically shared with the government in Carpenter, it seems unlikely that investigators would have needed to use any legal process to determine the defendant’s location.
Future interactions with autonomous robots are similarly problematic. Those robots and their collective systems will generate copious data about people’s movements, likely by interacting with personal communication devices like mobile phones and wearables. The resulting maps and associated data they generate will create a new stockpile of data for government investigators to mine, and the detailed portraits derived from it will make CSLI data look like cave paintings.
For now, the “third-party doctrine” persists, and evolving technologies will continue to exploit information handed over from users to third and fourth parties. It may be that Carpenter’s exception to the third-party doctrine marks just a momentary detour. Soon, our public movements may not be private at all, in the standard sense. Or maybe a new legal standard should be formulated. What is clear is that the Supreme Court will be asked to further address these issues in the coming years.
Even more concerning, the Carpenter holding may actually result in a net decrease in privacy protections by encouraging law enforcement to seek information more traditionally considered private. In Carpenter, the government obtained the defendant’s CSLI through an order under the Stored Communications Act (SCA), which requires the government to offer specific and articulable facts showing reasonable grounds for believing that records are relevant and material to an ongoing investigation. 18 U.S.C. § 2703(d). The Court, however, found such a showing to be inconsistent with the Fourth Amendment protections that should be afforded to CSLI, noting that the requirements under the SCA fall “well short of the probable cause required for a warrant.” Carpenter, 2018 BL 222220, at *13.
In practice, however, the distinction offered by the Court is small. In Carpenter, the government had, of course, already identified the person to be searched and obtained his cell phone number. The defendant had also been identified by a co-conspirator who had confessed to the crime. Carpenter, 2018 BL 222220, at *18. With this information, and possibly with the other investigative techniques not specifically prohibited by the court—shorter surveillance periods and tower dumps—one would assume it would take little extra effort to obtain a warrant instead of an order under the SCA.
This is an important inflection point for the future of governmental investigations. In Carpenter, law enforcement sought no process on Carpenter’s data other than the SCA order for the carriers’ CSLI. All that the investigators needed was Carpenter’s proximity to the robberies to pair with the other evidence that they gathered implicating him. However, if they were required to write a search warrant, and they had possession of enough appropriate evidence, there would be no good reason for law enforcement to confine the warrant to CSLI over more revealing evidence, such as the phone itself and its content. If location data is private, then law enforcement will seek more warrants to look inside that private garden.
It may be that, in future cases, short historical CSLI orders and “tower dumps” will be deemed searches under the Fourth Amendment as well. However, in many cases, a combination of pen register returns and subpoenaed toll records, none of which require warrants, will likely still support an adequate quantum of individualized suspicion to obtain a warrant. By holding that CSLI location data held by parties is covered by the Fourth Amendment, the Court has raised the risk that more classical Fourth Amendment information will be placed in law enforcement crosshairs.
The philosophical divisions in the Carpenter court are relatively clear. Chief Justice Roberts’s opinion was joined by Justices Sotomayor, Kagan, Breyer, and Ginsburg. Dissenting were Justices Kennedy, Thomas, Alito, and Gorsuch. Although the dissenters each wrote separately, they appear to have coordinated the division of issues in their respective dissents.
As a necessary aside, Justice Anthony Kennedy dissented, joined by the conservative wing of the Supreme Court (other than Roberts). Assuming that Justice Kennedy’s replacement has views that fall on the continuum between Kennedy and Thomas, the new Justice may not swing future cases. The only swing vote on this issue appears to be Chief Justice Roberts. Moreover, as the author of both the Carpenter and Riley v. California, 134 S. Ct. 2473 (2014), majority opinions, it appears that Chief Justice Roberts is the architect of these new privacy principles.
It is not yet clear what the Supreme Court’s next steps will be in the privacy sphere. There are a number of reasons why Carpenter may actually be a step in the wrong direction. While the decision will likely always be historically significant when assessing governmental access to digital evidence and an individual’s right to privacy, it could bear very little relevance to the technologies and laws that we actually live with.
Author Information Chris Ott, CIPP/US, advises industry-leading organizations in sensitive cyber incidents, national security matters, white-collar investigations, government enforcement actions, and high-stakes litigation. Chris has served as an influential law enforcement official for multiple administrations, led some of the largest white-collar investigations in United States Department of Justice (DOJ) history, won more than 30 trials as a first-chair litigator, and spearheaded some of the DOJ and the SEC’s first successful cyber investigations. Chris, who is a partner in the Washington, D.C. office of Davis Wright Tremaine, can be reached at firstname.lastname@example.org.
Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)