Skip to content
Naked Security Naked Security

Radio Shack robbery to have huge consequences for location privacy

This could go beyond Radio Shack and location data; it may apply to email/text messages, internet searches, and bank and credit card records.

The time has come, finally, after years of confusion, to iron out what kind of privacy – if any – Americans can expect with regards to their phones’ location data.

The Supreme Court today will take up a slew of questions that arise from the modern era of ubiquitous cellphone usage. The case in question, Carpenter v. United States, is one of many that have arisen when police have used cellphone-derived location data to pinpoint suspects’ whereabouts and whenabouts.

The story of this case begins in a humble enough setting: a Radio Shack store in Detroit that was the site of an armed robbery a couple of weeks before Christmas 2010. It was one of a string of robberies in the Midwest in 2010 and 2011.

In April 2014, Timothy Ivory Carpenter was sentenced to 116 years in jail for robbing six cellular telephone stores, including that Radio Shack, at gunpoint. The robbers took with them bags filled with expensive phones. Ironically enough, it was their own phones that helped to send them to prison.

To get him convicted, prosecutors relied on vast amounts of data collected from cellphone companies that showed the movements of Carpenter, who they said was the ringleader of the robbery spree.

They got those records without a warrant. On Wednesday, the Supreme Court will start its review of the case, with the goal of determining whether that warrantless search violated Carpenter’s Fourth Amendment protection against unreasonable search.

Carpenter’s lawyers have argued that a prosecutor had sought access to more than five months of his cellphone location records. They didn’t seek warrants based on probable cause, however. Rather, they requested the records under the Stored Communications Act, which has a lower standard and allows phone companies to disclose records when the government shows “specific and articulable facts showing that there are reasonable grounds to believe” that records at issue “are relevant and material to an ongoing criminal investigation”.

The cellphone records didn’t reveal Carpenter’s conversations. Rather, they revealed that over a five-month span in 2010 and 2011, his cellphone connected with cell towers in the vicinity of the robberies.

Carpenter had argued that the records should be suppressed because the government hadn’t obtained a warrant for them.

But a district court denied the request, saying that Carpenter “had no reasonable expectation of privacy in cellphone location records held by his service provider.” He was convicted on 11 of the 12 counts for which he was indicted.

The US Court of Appeals for the Sixth Circuit upheld Carpenter’s convictions, similarly rejecting Carpenter’s arguments that disclosure of his phone records to the federal government was a “search” for which the government needed a warrant. Its rationale: cellphone companies had collected the data “in the ordinary course of business” for their own purposes, including “to find weak spots in their network and determine whether roaming charges apply”.

The court argued that Carpenter had no reason to believe that his cellphone records would be kept private, given that the records simply show where his phone connected with cell towers, without giving away any information about call content.

The Federal government had urged the Supreme Court to deny a review of Carpenter’s case. In doing so, it pointed to two Supreme Court cases from the 1970s that held that obtaining a business’ records about somebody doesn’t equate to a “search” of that person, and hence doesn’t merit a warrant even if the records contain information about the person. It shouldn’t matter that Carpenter’s case involves “new technologies” like cellphones, the government has tried to argue.

But the Supreme Court has increasingly grown uncomfortable with the notion of police having unfettered access to our digital data. Thus, in June 2017, the Supreme Court refused to go along with the Feds, instead agreeing to review Carpenter’s case.

As of May 2015, a US court had ruled that police could access phone location data without a warrant. But that decision didn’t resolve the issue, given that it ran counter to lower courts in several states having ruled that phone records are constitutionally protected, including Montana, Maine, Minnesota, Massachusetts, and New Jersey.

Since that 2015 decision, we’ve been stuck with what Electronic Frontier Foundation civil liberties lawyer Hanni Fakhoury has called a hodgepodge, with the question of warrantless phone tracking left in limbo as state courts and some higher courts have come to contradictory decisions.

Simply put, at issue is whether the warrantless seizure and search of historical cellphone records revealing the location and movements of a cellphone user over the course of 127 days is permitted by the Fourth Amendment.

Does the Fourth Amendment to the US Constitution protect cellphones and their constant recording of cellphone locations, or not? Are those records private, or are phone companies akin to eyewitnesses to a crime – as in, it’s reasonable to interview them?

Does law enforcement need a warrant to get at months of our whereabouts, including when/where we go to church and when/where we sleep, or not? Do we have a reasonable expectation of privacy with regards to our location data?

So many questions, and such a mishmash of court decisions that have flip-flopped in their answers over the years: say, when law enforcement pored over the bank records of an illegal whiskey-distilling operation without a warrant (1976: US v. Miller – police didn’t need a warrant, the Supreme Court decided, since all they got was information voluntarily handed to banks).

Or in 1979, in Smith v. Maryland. Ditto for that one on the “nope, there’s no Fourth Amendment violation here” decision: sure, police got the phone company to install a pen register to record all phone numbers a suspected robber placed from his home. But no, how can you expect privacy when there’s a company involved to make those calls happen?

First, it is doubtful that telephone users in general have any expectation of privacy regarding the numbers they dial, since they typically know that they must convey phone numbers to the telephone company and that the company has facilities for recording this information and does, in fact, record it for various legitimate business purposes.

Experts in privacy law told the New York Times that Carpenter v. United States could spur a new era in digital privacy. The newspaper quotes Jeffrey Rosen, the president of the National Constitution Center, a nonprofit group devoted to educating the public about the Constitution:

Carpenter could be the most important electronic privacy case of the 21st century.

It’s certainly attracted a small blizzard of amicus curiae briefs. One came from a group of more than a dozen of the nation’s top tier of tech companies, including Airbnb, Apple, Cisco Systems, Dropbox, Evernote, Facebook, Google, Microsoft, Mozilla, Nest Labs, Snap, Twitter and Verizon.

Other briefs have come from rights groups, including one from the Electronic Privacy Information Center (EPIC) and another from the Electronic Frontier Foundation (EFF). Also chiming in has been the legal luminary Orin Kerr.

Kerr, a research professor at the George Washington University Law School who will soon join the faculty at the University of Southern California, argued in a post on the SCOTUSblog that what’s at issue in Carpenter is “what you might call the eyewitness rule: the government can always talk to eyewitnesses”.

In the case of Carpenter, he said, the wireless carrier is an eyewitness. “Customers use their services and hire the companies to place calls for them,” he wrote, which means the business record of what they did for customers doesn’t have Fourth Amendment protection.

The right question for the court, he contended, is not Carpenter’s “expectation” of privacy, but whether he should “have a right to stop others from telling the government about what they saw [him] do”.

The tech companies, unsurprisingly, have urged the Supreme Court to protect privacy rights of people who use their products. To get that done, the Supreme Court would have to drag the Fourth Amendment out of the 18th century, when it was drafted, and into the modern era of devices tucked into our purses, pockets and briefcases. From their brief:

No constitutional doctrine should presume that consumers assume the risk of warrantless government surveillance simply by using technologies that are beneficial and increasingly integrated into modern life.

The court’s decision is expected by June 2018. It’s going to apply to far more than that Detroit Radio Shack and a robber’s cellphone data. As the NYT suggests, the court’s decision may also apply to email and text messages, internet searches, and bank and credit card records.

Kerr:

The case is hugely important in that it defines the constitutional role in a really wide range of cases.


4 Comments

This is a crazy idea. i would love to hear why anyone doesn’t have a reasonable expectation of privacy of there physical location.

I don’t think anyone has the rite to pull my location information without a warrant. In this specific case, the government really should have got a warrant, and it wouldn’t have been very hard for them to get either.

In today’s world it sound more and more like the government is going pull all information about its citizens without any rite to do so. Internet browsing search, stingrays, bank transactions, and now this. Will it ever end?

P.S. All i’m asking is for someone (a judge in this case) be responsible for answering a simple question “why do you have a rite to collect this information?”

As is, a person gives up all rights by using any phone service. If we were to look into using a phone service from some (nonexistent) small phone service and they said their policy was they collect all data possible and do what they wish with it we might chose to go elsewhere, but we do not have that option. We have limited options now days so we are in effect forced to accept whatever policies AT&T, Verizon etc etc adopt at will. They all use this power over us because they now can and they claim it as their ‘right’ to do it because they never have to say it to our faces, they are big and insulated from us. To say this to our face would be an outright insult and not end well and they know it, so here we are, stuck with faceless corporations and governments who insult us (on paper policy)… because they can. In my opinion it’s a much larger issue than simply telecommunications that needs fixing but big biz will have their say and their lawyers will prevail again I assume. Our privacy… it ‘should’ be so simple. 9/11 gave them everything they wanted and much more.

Based on these arguments, any citizen would have the right to ask for the same type of information – re where a person was located during a specific time etc – about anybody else as well. Law-enforcement agencies require warrants specifically to protect access to information that is not typically open for the normal public, so a judge has to determine whether there is plausible reason to search a person’s house, a doctor’s records, etc. Based on this argument, I could go to any doctor/psychology practice, financial institution, supermarket, etc and ask informationabout anybody else, as they only store that information because companies had collected the data “in the ordinary course of business” for their own purposes . Doctors store information about patients to know the medical history of a patient, and to be able to define trends about patients in general etc. That information is still PII. Same for my location data – that is still PII.
Could I please obtain records about my least favorite politician’s whereabouts based on his/her cell phone records for the last two years?……..

Mobile phones are not only tracked by towers but also potentially homing beacons because they are electromagnetic emitters. Those ISIS and Al Qaeda guys have gotten whacked by US drones simply by using GSM mobile phones.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?