Will Carpenter vs. U.S. build a new framework for privacy in the digital era?

The future of U.S. government surveillance hinges on a case in front of the Supreme Court this fall. In Carpenter vs. United States, the U.S. Supreme Court (SCOTUS) will likely clarify whether warrantless location tracking is allowed under the U.S. Fourth Amendment. Although this is a domestic case in the U.S. jurisdiction, it concerns privacy issues that are increasingly relevant all over the world. All people have a fundamental right to privacy, which is central to the maintenance of a democratic society. And where, as here, that right is undermined by unwarranted, broad government surveillance, it is necessary for the courts to step in to protect that right and enforce the rule of law.

The case deals with location information, more specifically “cell-site data.” Simply speaking, cell-site data are the information generated and maintained by your cell phone service carrier to record at which specific time your cell phone is connected to which specific cell tower to receive signals. This is a continuous recording process as long as your cell phone is connected to the wireless network. So, pragmatically, cell-site data can be used to check a cell phone owner’s movements over any specific period of time in the past few years.

In Carpenter, FBI agents obtained cell-site data for two defendants over long periods, up to 127 days. This data seemed to show the defendants were near sites when robberies occurred. The defendants are arguing that the cell-site data should be suppressed because the defendants have a reasonable expectation of privacy in their location information and the officers did not receive a search warrant before accessing that data (they relied only on a court order, commonly referred to as a “d order,” issued under the Stored Communications Act § 2703(d)). A warrant would require the government to establish “probable cause” that the requested search will uncover criminal activity or contraband, while a “d order” only requires a showing that the requested data would be “relevant and material to an ongoing criminal investigation.”

The Sixth Circuit decision and SCOTUS precedents

Carpenter comes to Supreme Court from the Sixth Circuit, where Judge Kethledge ruled that no Fourth Amendment search occurred because defendants had no privacy interests in their cell-site data. Judge Kethledge invoked Smith vs. Maryland, a landmark case from 1979 in which the Supreme Court found no reasonable expectation of privacy in phone numbers dialed since the records were turned over to a third party (the “third party doctrine”). Primarily relying on this third party doctrine as well as the fact that cell-site information, like phone numbers, are not considered “content,” Judge Kethledge found that the FBI’s conduct was proper.

To reach this conclusion, Judge Kethledge also distinguished U.S. vs. Jones, a 2012 case in which SCOTUS held unanimously that location tracking over a period of 30 days using a device attached to the defendant’s car was a search under the U.S. Fourth Amendment. Judge Kethledge found that Carpenter, unlike Jones, involved information obtained from a third party (not GPS data collected directly from the defendant). Judge Kethledge also distinguished GPS information as much more precise than cell-site data.

1970s v. 2010s

Unfortunately, in failing to find an expectation of privacy Judge Kethledge failed to heed the vast technological leaps that have taken place since Smith vs. Maryland. More specifically, he failed to recognize that the leap from paper letters to telephone calls is substantially different from the leap from telephone calls to internet communications. The year 1979 was in the pre-digital era, when phones were overwhelmingly tied to addresses, not capable of “roaming around,” and could only be used to make phone calls. The telecommunications carriers recorded phone call data, but only on paper logs with simple information for accounting and billing purposes.

The devices that are commonly carried around today, with their current functionality and tracking capabilities, existed only in fiction and people’s imaginations. Today, a cell phone is also a TV, newspaper, radio, music player, GPS, shopping center, information center, appointment center, and bank teller. And the provider has the data logs to go along with this broad increase in device features, including precise location data: Current methods of triangulation can pinpoint a mobile location to within an area of about ¾ square mile, and it’s even more exact in densely populated urban areas where there are more cell towers. And in the future location data will be even more precise as the number of cell towers continues to increase dramatically.

This type of location data can reveal incredibly personal information: where you have been can reveal far more about you than only where you have been. Attending a house of worship could reveal your religion. Going to a park for an anti-war protest could expose your political inclinations. And it’s easy to make inferences after seeing the record of a person’s visit to an abortion clinic or an AIDS counsellor. In her concurrence in Jones, Justice Sotomayor discussed how location tracking reveals detailed information about individuals: “GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”

Cell-site data can be more invasive than the GPS data in Jones. Your phone stays closer to your person, and in certain areas, it can even monitor subtle shifts in movement, like your movement from one room in your house to another. You don’t keep your vehicle anywhere near that close to you. And while cell-site location data may, in some instances, be less accurate than GPS data collected either via a free-standing device or the GPS on your phone, the privacy invasion represented by long-term tracking of your movements is nonetheless incredibly significant.

Beyond cell-site data – Metadata

Location information, like cell-site data, is just one category of what is generally known as “metadata,” which also can include Internet Protocol (IP) addresses, email addresses, credit card payment records, and a lot of other “non-content” information. Metadata is a byproduct of content but is not considered content itself. Accordingly, in spite of the fact that metadata opens a window for others to peek into a person’s private life, under the current legal regime of the United States, metadata has no Fourth Amendment protection, at least when collected remotely or from a third party.

This content/non-content distinction was established in the pre-digital world, when technologies were not yet proficient enough to process, analyze, and aggregate large amounts of data. Today, such a distinction is no longer proper for measuring the degree of privacy intrusion enabled by surveillance technologies, including big data tools and machine learning. With these tools metadata may even be more invasive than content information. Surveillance that would have required massive-scale monitoring and analysis in the 1970s can now be conducted with just a few clicks, easily and cheaply.

Broad surveillance of metadata may further hamper people’s ability to exercise other constitutional rights. For example, a person may be chilled from visiting certain religious sites if that person knows the government will know about those visits and believes it will create negative inferences that may impact his or her legal status.

When technology has changed enough to have dramatically expanded government power, as it has now, the balance between government and citizen is broken and should be restored. International human rights law and policy makes it clear, whether metadata or content information, private information should be treated as “Protected Information,” even if it is revealed through surveillance of public information. After all, the person, not the texts or numbers they carry, is what makes privacy fundamental.