Four things to note about the Supreme Court’s location privacy ruling
A U.S. official can’t learn where you are reading this without first obtaining a warrant.
That privacy principle became law Friday, when the Supreme Court ruled 5-4 in Carpenter v. United States that historical cell site location information is protected by the Fourth Amendment and therefore cannot be obtained by a government agency until a court issues a search warrant.
To reach that decision and drop decades of precedent, the court had to acknowledge how technology has expanded the reach of tracking—and essentially eliminated our ability to opt out of it. The majority opinion written by Chief Justice John G. Roberts Jr. focuses on that angle, calling government access to phone location history “near perfect surveillance, as if it had attached an ankle monitor to the phone’s user.”
Roberts wrote that the Federal Bureau of Investigation erred by obtaining only a court order under the Stored Communications Act—a lower bar than a search warrant and its probable-cause requirement—to compel wireless services to produce location history data for suspect Timothy Carpenter, who later was convicted of staging a string of armed robberies and sentenced to 1,395 months of imprisonment.
Wireless phones change everything
The ruling, in which Justices Stephen G. Breyer, Ruth Bader Ginsburg, Elena Kagan, and Sonia Sotomayor joined Roberts, pivots on two shifts in the use of telecommunications data. One is obvious: We carry our phones everywhere.
“Cell phones and the services they provide are ‘such a pervasive and insistent part of daily life’ that carrying one is indispensable to participation in modern society,” the opinion reads, while noting a study finding that 12 percent of Americans use their phones in the shower. (That Harris Interactive survey dates to 2013, when waterproof phones were rare; skepticism seems warranted for that figure.)
The less obvious shift is not just how phone location tracking is unavoidable—as the opinion correctly notes, “without any affirmative act on the part of the user beyond powering up”—but how accurate it’s become as cell sites proliferate and position-calculating techniques advance.
The court majority approvingly cited 2012 testimony before the House Judiciary Committee by University of Pennsylvania computer science professor Matt Blaze that wireless carriers could “pinpoint a phone’s location to an accuracy of within 50 meters or less.”
The carriers are the weak privacy link
Location data is the currency of many technological realms, and wireless carriers not only collect it but often keep it for five years, AT&T told Sen. Ed Markey (D.-Mass.) in 2013.
“Companies should be getting rid of this data as soon as they no longer need it,” said Amie Stepanovich, U.S. policy manager for digital-civil-liberties group Access Now. “There aren’t a lot of arguments that I can think of why they’d want to keep long histories of location information tied to an individual account.”
And while Facebook and Google respectively say they require a search warrant before disclosing location history, the transparency reports posted by AT&T, Sprint, T-Mobile, and Verizon indicate that a court order suffices.
The wireless carriers, along with telecommunications firms in general, were also late to adopt the habit of documenting law enforcement and national-security queries for customer data in transparency reports. And unlike Facebook and Google, they don’t let their customers edit or delete their location data.
Two of three branches of government were no help, either
If the carriers weren’t going to force a change in policy by insisting on a higher standard before disclosing evidence, Congress was even less likely to do anything.
U.S. lawmakers have consistently failed to reform the horribly out-of-date Electronic Communications Privacy Act of 1986, the statute that embeds the Stored Communications Act, even though its flaws—like the absurd contention that messages stored online for more than 180 days don’t require a warrant to be searched—have been obvious for decades.
Even successive years of unanimous or near-unanimous House passage of the Email Privacy Act, the leading ECPA reform bill, have not let it escape the Senate Judiciary Committee, where Sen. John Cornyn (R.-Texas) and others have raised law enforcement concerns.
At the executive branch, meanwhile, the lack of any coherent tech policy agenda has left the Trump administration on the sidelines.
That leaves the judicial branch the only functioning part of government, when it comes to revisiting laws governing how we connect and compute—see, for instance, how in 2014 it ruled in Riley v. California that police could not search a smartphone’s contents without a warrant.
But the Carpenter ruling has enough vague elements–for instance, it suggests that a request for less than seven days of cell-site location history might not require a warrant–to ensure plenty of further litigation. None of that, however, seems likely to benefit Carpenter or others convicted based on location-history evidence: The “good-faith exception” immunizes those prior searches because police investigators thought they were acting legally at the time.
We haven’t heard the last about the third-party doctrine
The Carpenter ruling rips a hole in a long-standing legal principle called the “third-party doctrine”—that if you give information to a third party, you didn’t consider it private, and you therefore lose your Fourth Amendment protections. But the court didn’t quite answer why only cell site location history earns an exemption from the doctrine.
A dissenting opinion from Justice Neil M. Gorsuch wonders why, for instance, the government inspecting somebody’s financial transactions should represent much less of violation than inspecting somebody’s location history. His conclusion: the third-party doctrine has to go.
“Fourth Amendment protections for your papers and effects do not automatically disappear just because you share them with third parties,” he wrote, arguing that your property rights to your data persist through commercial transactions.
A judge usually seen as occupying the polar end of the ideological spectrum from the Trump-appointed Gorsuch, Sotomayor, made a similar point in her concurring opinion in U.S. v. Jones.
In that 2012 decision, which ruled that warrantless use of a GPS-tracking device on a suspect’s car violated the Fourth Amendment, Sotomayor called the third-party doctrine “ill-suited to the Digital Age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”
It may be too soon to say the Carpenter ruling “takes a sledgehammer to the foundations of the third-party doctrine,” as Kevin Bankston, director of New America’s Open Technology Institute, phrased things in a statement. But there’s no way we’ve seen the last of this.