Actually, even though that question can hardly be avoided here, my primary question is too long for the title: What are our reasonable expectations of privacy regarding data that businesses create about us for legitimate purposes? These questions arise from Carpenter v. US (Sixth Circuit opinion), which the Court will entertain this term.
In 2011, Detroit police arrested four men suspected in a string of armed robberies of Radio Shack and T-Mobile stores in Michigan and Ohio. One of the suspects confessed to 8 such robberies, and gave details of a substantial operation consisting of 15 other men who served as getaway drivers, lookouts, etc. The confessor fingered Timothy Carpenter and his half-brother Timothy Sanders as the masterminds of this operation, claiming that the two of them often supplied the guns, and that Carpenter would usually sit in a stolen car across the street from the target store, and use his cellphone to signal the robbers to enter the store and perpetrate the robberies. (Later at trial, 7 of the other suspects testified similarly.) Upon arrest, the confessor gave the FBI his cellphone number and the numbers of the other alleged participants. The FBI applied for a court order to obtain from the wireless carriers the transactional data for these phone numbers, including the cell-site location information (CSLI). CSLI identifies to which cell tower and from which direction a phone connected when a call was sent and ended (some CSLI includes tower switching information, but this was not sought in this case). The court granted the request pursuant to the Stored Communications Act, 18 USC § 2703, which provides in relevant part:
18 USC § 2703 - Required disclosure of customer communications or records
The CSLI showed that Carpenter had used his phone within 0.5-2 miles of the stores at the time of 4 of the robberies. Carpenter and Sanders moved to suppress the CSLI evidence on grounds that obtaining it constituted a Fourth Amendment search requiring a warrant supported by probable cause. The district court denied the motion; the defendants were convicted of 6 counts of armed robbery (inter alia), and appealed. The Sixth Circuit affirmed the district court's judgment to allow the evidence.
The Circuit court's rationale is straightforward, premised first and foremost on the “third party” doctrine wherein information one has knowingly or voluntarily shared with a third party (including a business) does not command Fourth Amendment protection, while information for which one has a reasonable expectation of privacy requires a warrant supported by probable cause. Thus, a search warrant is required to inspect the contents of packages and letters sent by USPS or commercial carriers, but not for the government to obtain readily available information such as a recipient's name, address, or other features of the item such as weight and size: Ex parte Jackson (1878). In Katz v. US (1967) -- in which the reasonable expectation standard was first articulated in a concurrence by Justice Harlan -- the Court held that the FBI's warrantless bugging device attached to the outside of a phone booth that recorded Katz's conversations in which he transmitted illegal gambling wagers was an unconstitutional invasion of his privacy. In contrast, Smith v. Maryland (1979) involved the warrantless installation of a pen register--a device, attached at the telephone company's switching facility, that tracked the numbers dialed from the defendant's phone--which the Court found was not a Fourth Amendment search, since such information is freely available to and required by the phone company in order to connect the calls. Similarly, in US v. Miller (1976), the Court did not find a Fourth Amendment violation when a grand jury acquired by subpoenas duces tecum the bank records of a man under criminal investigation. The Sixth Circuit has unproblematically held that obtaining the content of emails requires a warrant based on probable cause, but routing information and IP addresses are not constitutionally protected, because such information, like addresses on pieces of mail, are and must be available to service providers: US v. Warshak (2010).
US v. Jones (2012) and Riley v. California (2014) are the primary case law on which Carpenter's arguments rely. Jones pertains to an episode that essentially amounts to police misconduct. The District of Columbia PD obtained a warrant to attach a GPS device to a vehicle registered to Jones' wife but which Jones possessed (at least sometimes). The warrant authorized installation of the device in DC and within 10 days. Agents installed the device on the 11th day and in Maryland. The vehicle was tracked for 28 days. Subsequently Jones was indicted on drug trafficking conspiracy charges. The district court suppressed the GPS data obtained while the vehicle was parked at Jones' residence, but admitted all other data on the basis that Jones had no reasonable expectation of privacy while driving on public streets (consistent with US v. Knotts (1983)). Jones was convicted, appealed, and the Circuit court threw out the conviction. The Supreme Court affirmed in a decision that was unanimous in judgment but with competing rationales. Justice Scalia's majority opinion reached back to the ancient roots of the Fourth Amendment's concept of a “search,” which is bound up with the common-law doctrine of trespass to chattels. The opinion asserts, “The Government physically occupied private property for the purpose of obtaining information.” Justice Alito's concurrence, joined by Justices Ginsburg, Breyer and Kagan, upbraids this reasoning in favor of the reasonable expectation of privacy standard. Nevertheless, the majority apparently concluded that locating the Fourth Amendment violation in the trespass that occurred more readily justified the exclusion of all the GPS data, including that obtained when Jones was driving on public streets.
In any case, the rationale of the majority opinion in Jones is certainly inapplicable to the situation in Carpenter--the FBI did not physically occupy or trespass on any property belonging to Carpenter. Alito's concurrence doesn't seem very germane to Carpenter either. According to Harlan's formulation of the reasonable expectation of privacy, the first requirement is that the person asserting it must “have exhibited an actual (subjective) expectation of privacy”. There is no indication that Carpenter exhibited any such expectation of privacy for his CSLI logs, and there is little reason to conclude that he should have. After all, as readily available online, the big name wireless companies (e.g., Verizon, AT&T, Sprint) specifically state in their contracts that they collect such CSLI data and provide it to governmental agencies when lawfully ordered. The average reasonable person cannot plausibly deny knowing that location data are an integral aspect of the business of wireless carriers. Roaming charges depend on the service providers having location data.
Riley combined two independent cases where individuals were legitimately arrested, whereupon police seized their cellphones, accessed information from the phones, and charged the persons with additional offenses on the basis of this information. A unanimous Court held, “The police generally may not, without a warrant, search digital information on a cell phone seized from an individual who has been arrested.” The purpose of warrantless searches of the person or effects of an arrestee is to ensure officer and public safety and to prevent the destruction of evidence. This case and holding seems to have little relevance to Carpenter. Carpenter's brief does not seem to get around to making a direct connection between the cases.
The brief for Carpenter repeatedly references the Telecommunications Act, especially the term used in 47 USC § 222(c), “customer proprietary network information”. Carpenter's brief claims that this term in the context of the statute denotes such propositions as: “Federal law grants individuals a proprietary interest in their CSLI records by prohibiting service providers from disclosing that information without 'express prior authorization of the customer.' 47 USC § 222(f).” But the statute doesn't actually declare any such grant of “proprietary interest,” and, moreover, § 222(c)(1) stipulates an explicit exception for the privacy requirements of telecommunications carriers: “Except as provided by law . . .” a service provider may not disclose “individually identifiable customer proprietary network information . . .”--one such law being 18 USC § 2703(d) (above). Thus, unless the Court were to find that 18 USC § 2703(d) is facially unconstitutional (which Carpenter doesn't urge), then petitioner's argument and claims about 47 USC § 222 are simply irrelevant.
In 2011, Detroit police arrested four men suspected in a string of armed robberies of Radio Shack and T-Mobile stores in Michigan and Ohio. One of the suspects confessed to 8 such robberies, and gave details of a substantial operation consisting of 15 other men who served as getaway drivers, lookouts, etc. The confessor fingered Timothy Carpenter and his half-brother Timothy Sanders as the masterminds of this operation, claiming that the two of them often supplied the guns, and that Carpenter would usually sit in a stolen car across the street from the target store, and use his cellphone to signal the robbers to enter the store and perpetrate the robberies. (Later at trial, 7 of the other suspects testified similarly.) Upon arrest, the confessor gave the FBI his cellphone number and the numbers of the other alleged participants. The FBI applied for a court order to obtain from the wireless carriers the transactional data for these phone numbers, including the cell-site location information (CSLI). CSLI identifies to which cell tower and from which direction a phone connected when a call was sent and ended (some CSLI includes tower switching information, but this was not sought in this case). The court granted the request pursuant to the Stored Communications Act, 18 USC § 2703, which provides in relevant part:
18 USC § 2703 - Required disclosure of customer communications or records
(d) Requirements for Court Order.—
A court order for disclosure under subsection (b) or (c) may be issued by any court that is a court of competent jurisdiction and shall issue only if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.
A court order for disclosure under subsection (b) or (c) may be issued by any court that is a court of competent jurisdiction and shall issue only if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.
The CSLI showed that Carpenter had used his phone within 0.5-2 miles of the stores at the time of 4 of the robberies. Carpenter and Sanders moved to suppress the CSLI evidence on grounds that obtaining it constituted a Fourth Amendment search requiring a warrant supported by probable cause. The district court denied the motion; the defendants were convicted of 6 counts of armed robbery (inter alia), and appealed. The Sixth Circuit affirmed the district court's judgment to allow the evidence.
The Circuit court's rationale is straightforward, premised first and foremost on the “third party” doctrine wherein information one has knowingly or voluntarily shared with a third party (including a business) does not command Fourth Amendment protection, while information for which one has a reasonable expectation of privacy requires a warrant supported by probable cause. Thus, a search warrant is required to inspect the contents of packages and letters sent by USPS or commercial carriers, but not for the government to obtain readily available information such as a recipient's name, address, or other features of the item such as weight and size: Ex parte Jackson (1878). In Katz v. US (1967) -- in which the reasonable expectation standard was first articulated in a concurrence by Justice Harlan -- the Court held that the FBI's warrantless bugging device attached to the outside of a phone booth that recorded Katz's conversations in which he transmitted illegal gambling wagers was an unconstitutional invasion of his privacy. In contrast, Smith v. Maryland (1979) involved the warrantless installation of a pen register--a device, attached at the telephone company's switching facility, that tracked the numbers dialed from the defendant's phone--which the Court found was not a Fourth Amendment search, since such information is freely available to and required by the phone company in order to connect the calls. Similarly, in US v. Miller (1976), the Court did not find a Fourth Amendment violation when a grand jury acquired by subpoenas duces tecum the bank records of a man under criminal investigation. The Sixth Circuit has unproblematically held that obtaining the content of emails requires a warrant based on probable cause, but routing information and IP addresses are not constitutionally protected, because such information, like addresses on pieces of mail, are and must be available to service providers: US v. Warshak (2010).
US v. Jones (2012) and Riley v. California (2014) are the primary case law on which Carpenter's arguments rely. Jones pertains to an episode that essentially amounts to police misconduct. The District of Columbia PD obtained a warrant to attach a GPS device to a vehicle registered to Jones' wife but which Jones possessed (at least sometimes). The warrant authorized installation of the device in DC and within 10 days. Agents installed the device on the 11th day and in Maryland. The vehicle was tracked for 28 days. Subsequently Jones was indicted on drug trafficking conspiracy charges. The district court suppressed the GPS data obtained while the vehicle was parked at Jones' residence, but admitted all other data on the basis that Jones had no reasonable expectation of privacy while driving on public streets (consistent with US v. Knotts (1983)). Jones was convicted, appealed, and the Circuit court threw out the conviction. The Supreme Court affirmed in a decision that was unanimous in judgment but with competing rationales. Justice Scalia's majority opinion reached back to the ancient roots of the Fourth Amendment's concept of a “search,” which is bound up with the common-law doctrine of trespass to chattels. The opinion asserts, “The Government physically occupied private property for the purpose of obtaining information.” Justice Alito's concurrence, joined by Justices Ginsburg, Breyer and Kagan, upbraids this reasoning in favor of the reasonable expectation of privacy standard. Nevertheless, the majority apparently concluded that locating the Fourth Amendment violation in the trespass that occurred more readily justified the exclusion of all the GPS data, including that obtained when Jones was driving on public streets.
In any case, the rationale of the majority opinion in Jones is certainly inapplicable to the situation in Carpenter--the FBI did not physically occupy or trespass on any property belonging to Carpenter. Alito's concurrence doesn't seem very germane to Carpenter either. According to Harlan's formulation of the reasonable expectation of privacy, the first requirement is that the person asserting it must “have exhibited an actual (subjective) expectation of privacy”. There is no indication that Carpenter exhibited any such expectation of privacy for his CSLI logs, and there is little reason to conclude that he should have. After all, as readily available online, the big name wireless companies (e.g., Verizon, AT&T, Sprint) specifically state in their contracts that they collect such CSLI data and provide it to governmental agencies when lawfully ordered. The average reasonable person cannot plausibly deny knowing that location data are an integral aspect of the business of wireless carriers. Roaming charges depend on the service providers having location data.
Riley combined two independent cases where individuals were legitimately arrested, whereupon police seized their cellphones, accessed information from the phones, and charged the persons with additional offenses on the basis of this information. A unanimous Court held, “The police generally may not, without a warrant, search digital information on a cell phone seized from an individual who has been arrested.” The purpose of warrantless searches of the person or effects of an arrestee is to ensure officer and public safety and to prevent the destruction of evidence. This case and holding seems to have little relevance to Carpenter. Carpenter's brief does not seem to get around to making a direct connection between the cases.
The brief for Carpenter repeatedly references the Telecommunications Act, especially the term used in 47 USC § 222(c), “customer proprietary network information”. Carpenter's brief claims that this term in the context of the statute denotes such propositions as: “Federal law grants individuals a proprietary interest in their CSLI records by prohibiting service providers from disclosing that information without 'express prior authorization of the customer.' 47 USC § 222(f).” But the statute doesn't actually declare any such grant of “proprietary interest,” and, moreover, § 222(c)(1) stipulates an explicit exception for the privacy requirements of telecommunications carriers: “Except as provided by law . . .” a service provider may not disclose “individually identifiable customer proprietary network information . . .”--one such law being 18 USC § 2703(d) (above). Thus, unless the Court were to find that 18 USC § 2703(d) is facially unconstitutional (which Carpenter doesn't urge), then petitioner's argument and claims about 47 USC § 222 are simply irrelevant.
