A little-noticed Supreme Court ruling on cell phone data earlier this summer was a rare win for privacy advocates. Carpenter v. United States held that acquiring cell phone location records from a third-party requires a search warrant under the Fourth Amendment, rather than an informal request for the information by law enforcement.
The ruling means that there now must be probable cause for the government to obtain this type of information, though it doesn’t currently appear to have much impact beyond the narrow subject of cell-site records. That’s the data—generated automatically by every cell phone—that catalogs every location an individual has been based on the pings between phone and cell tower.
Robberies and Constitutional Rights
In the fall of 2010, there was a series of armed robberies of Radio Shack and T-Mobile stores in Michigan and Ohio. By the following April, four of the suspected robbers had been arrested. One confessed to the robberies and let the FBI search his phone.
The FBI was able to obtain information, including cell-site data, related to 16 phone numbers found on the suspect’s device. This was possible under the Stored Communications Act, a law that holds there’s a low expectation of privacy for information given to a third party, such as data held by a cell phone carrier. The FBI did not need to demonstrate probable cause in order to get a warrant as they would if searching physical premises for evidence.
The data showed that another person, Timothy Carpenter—tracked at nearly 13,000 location points over 127 days—was within a two-mile radius of four of the robberies. This eventually led to his conviction and a 116-year prison sentence.
Rights and the Roberts Court
Carpenter’s conviction was upheld by the Sixth Circuit Court of Appeals under the third-party doctrine. But in a somewhat surprising decision, the Supreme Court overturned his conviction. Chief Justice John Roberts sided with the Court’s liberal wing to deliver the majority opinion. Though appointed by Republican president George W. Bush, Roberts has been something of a swing vote in recent years.
“Mapping a cell phone’s location over the course of 127 days provides an all-encompassing record of the holder’s whereabouts,” Roberts wrote for the majority. “As with GPS information, the timestamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations.’”
The majority opinion largely focused on how technology has evolved since the 1970s when the Court developed the third-party doctrine; at the time, no one could have conceived the amount of data that could be conveyed to cell phone companies, or that it could be kept for years.
Justice Neil Gorsuch, recently appointed by President Trump, actually agreed with the majority’s conclusion, but disagreed with the idea that there’s an expectation of privacy with cell phone records. Instead, he argued that these records are actually the property of each cell phone user.
The Law After Carpenter
Carpenter doesn’t change what sort of information cell phone providers collect, it merely enhances the expectation of privacy. Police can no longer casually obtain this information, but now must have probable cause to link an individual to a crime before seeking a warrant. Basically, it requires law enforcement to specifically link your data to you and a crime the way that it would need to in order to search your home.
In some ways, this builds upon the expectation of digital privacy that the Court has already observed in recent years. In the 2014 case Riley v. California, the Court already held that police may not search the cell phone of an arrestee without probable cause. Now, that expectation of privacy extends to all the data a cell phone conveys.
Carpenter doesn’t protect all personal data sent to third parties, however. The Court went out of its way to note that their ruling doesn’t apply to data collection for foreign intelligence and national security purposes. That means that data collected by third parties and requested by Foreign Intelligence Surveillance Courts under the federal government’s PRISM program still isn’t subject to the probable cause standard. Given the deference the Supreme Court has long held toward national security issues, that seems unlikely to change any time soon.
Carpenter also doesn’t directly address other types of mass data collection such as automated license plate readers (ALPR), but it does open the door to challenges. “The Carpenter decision’s application to ALPR data is still an open question,” said Stephanie J. Lacambra, a criminal defense staff attorney with the Electronic Frontier Foundation, a nonprofit digital rights group. “I think that there’s definitely an analogy to be drawn between the Constitutional concerns in Carpenter and historical location data tracking via ALPR monitoring over time.”
So while Carpenter may not be as far-reaching as digital privacy advocates may like, it’s still a big win that gives some hope that the nation’s highest court is becoming more sympathetic to these issues.