Skip to content
Naked Security Naked Security

Phone location privacy – for armed robber – headed to Supreme Court

Defending a convicted armed robber's right to privacy feels distasteful, but defending rights are important - as this case seeks to do

Armed robbers are not sympathetic characters. Which means defending their right to privacy might not get much sympathy either.

But, as multiple privacy advocates note, it’s not just about them – it’s about the rest of us: if their privacy isn’t protected, neither is yours and neither is anyone’s.

That is at the heart of a case now headed to the US Supreme Court (SCOTUS). The legal issue is whether cell phone users “voluntarily” turn over cell tower location data to the carriers, which therefore means it is not private. It is a sure bet that almost nobody thinks that, since they don’t get to volunteer. If they want to use their phones, the carrier collects the data.

But the emotional/political issue is that it’s about a convicted criminal. Which recalls the words of HL Mencken, the iconic journalist and cultural critic, who famously saidL

The trouble with fighting for human freedom is that one spends most of one’s time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all.

The scoundrel in this case is Timothy Ivory Carpenter, convicted in 2013 of six robberies of cell phone stores in the Detroit area, and using a gun in five of them. He was sentenced to 116 years for his role in the crimes, committed with several others, including his half-brother, Timothy Michael Sanders.

But part of the evidence used to convict Carpenter was data from wireless carriers, which prosecutors said placed his phone within a half mile to two miles of the sites of the robberies when they were committed.

Carpenter and Sanders appealed, with the backing of the American Civil Liberties Union (ACLU) and other groups, arguing that the collection of that data without a warrant violated his Fourth Amendment protection against unreasonable search and seizure.

They failed at the Appeals Court level in April 2016, when the Sixth US Circuit Court of Appeals found that while personal communications are private, “the federal courts have long recognized (that) the information necessary to get those communications from point A to point B is not,” which includes the metadata from cell phone towers. The court added that such data

… are information that facilitate personal communications, rather than the content of those communications themselves. The government’s collection of business records containing these data therefore is not a search.

It also noted that access to the phone records had been granted by magistrate judges under the Stored Communications Act (SCA), which the FBI sought after one of the robbers confessed and then gave the agency his cellphone along with the numbers of other participants.

However, the FBI didn’t seek a warrant. And that prompted the appeal, which the Supreme Court is scheduled to hear in the term that begins in October, and which has prompted a small blizzard of amicus briefs from privacy advocates including the Electronic Frontier Foundation, (EFF), the Electronic Privacy Information Center (EPIC) and another from more than a dozen of the nation’s top tech companies including Airbnb, Apple, Cisco Systems, Dropbox, Evernote, Facebook, Google, Microsoft, Mozilla, Nest Labs, Snap, Twitter and Verizon.

One of their biggest objections to the Appeals Court decision is that it is based, as the court said, on “long recognized” precedent. Long, as in long ago, in the 1970s, when nobody had a cellphone. It holds that information voluntarily given to a third party as part of a business transaction doesn’t qualify for Fourth Amendment protection.

That, the advocates say, is vastly out of date – applying analog rules to a digital world – since just about everybody now carries a cellphone. There are now an estimated 396m mobile accounts in the US (more than the nation’s population), and the location data gathered by cell towers is becoming as precise as GPS tracking.

Even if location services is shut off on a phone, simply operating the phone means it connects to cell towers, generating data called cell site location information (CSLI). According to the EFF brief, “as the number of cell towers has increased and cell sites have become more concentrated, the geographic area covered by each cell sector has shrunk,” which makes it possible to determine where a phone is within 50 meters.

The tech companies’ brief also noted that the SCA, under which the FBI sought the phone metadata, was enacted in 1986, when, “few people used the internet, almost none had portable computers, and only around 500,000 Americans subscribed to basic cell phone service”.

Other reasons cited by privacy advocates for the Fourth Amendment applying to CSLI include:

  • Users don’t really “voluntarily” turn over that data to the wireless carriers, since they can’t use the phone without doing so. Alan Butler, senior counsel at EPIC, said the Supreme Court has already signaled that it understands that mobile devices “have become embedded into our daily lives. I think the notion that cell phone users necessarily ‘assume the risk’ or ‘consent’ to collection and disclosure of their location information is nonsense and flips privacy law entirely on its head.”

Butler, who also authored a recent post on SCOTUSblog about the Carpenter case, noted that the Supreme Court in 2012 unanimously threw out a conviction for drug trafficking because of evidence gathered by law enforcement putting a GPS tracker on the defendant’s car.

Carrying a phone, he and others have noted, amounts to a GPS tracker monitoring not just where your car goes, but where you go, all the time.

  • If precedent stands, Big Brother can track just about anybody without a warrant. EFF noted that “AT&T alone received 70,528 requests for CSLI in 2016 and 76,340 requests in 2015. Verizon received 53,532 requests in 2016 and 50,066 requests in 2015.” The majority of them warrantless.
  • The location tracking of people extends far beyond real time, unlike human surveillance. It can go back months, or even years, creating a highly detailed record of everywhere a person has been.
  • Given the necessity of cell phones, people now have a “reasonable expectation” that their location information is private.

The lobbying for the Carpenter conviction to be overturned is not unanimous, however. Orin Kerr, a research professor at the George Washington University Law School, in a post on SCOTUSblog, argued that what is really at issue is “what you might call the eyewitness rule: the government can always talk to eyewitnesses”.

In this case, he said, the wireless carrier is an eyewitness. “Customers use their services and hire the companies to place calls for them,” he wrote, which means the business record of what they did for customers doesn’t have Fourth Amendment protection.

The right question for the court, he contended, is not Carpenter’s “expectation” of privacy, but whether he should “have a right to stop others from telling the government about what they saw [him] do”.

Of course, this is about billions of digital “eyes”, not people on the street.

Which calls to mind a talk by Christopher Soghoian late last year, when he was chief technologist at the ACLU, titled “Stopping Law Enforcement Hacking” at the Chaos Communication Congress (CCC).  He said:

Many of the court cases that define our basic privacy rights come from cases involving drug dealers, people smuggling alcohol, and paedophiles. So it can be very unpleasant for people to engage in these cases.

But if you wait until the government is using its powers against journalists and freedom fighters, by that point the case law is settled.


 

1 Comment

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?