In a 2014 Supreme Court decision, Chief Justice John Roberts quipped that cell phones are so common in America that Martians might mistake them for “an important feature of human anatomy.” Roberts’ insight is barely an exaggeration: According to Pew Research, 95 percent of Americans own a cell phone, and the majority rarely or never turn them off.
But cell phones also divulge sensitive tracking information to service providers, which can be acquired by law enforcement—without a warrant—using a legal precedent known as the third-party doctrine. On June 5, the Supreme Court agreed to hear a case that could affect the future of this doctrine.
Carpenter v. United States
In April 2011, police arrested four men for committing a string of armed robberies near Detroit (Ironically enough, of cell phones). While in custody, one of the men confessed to the crime and gave the police the phone numbers of his accomplices. The FBI then brought these numbers to a judge and requested access to the associated location data. Normally, the Fourth Amendment requires law enforcement to prove they have “probable cause” before conducting a search. In this case, the FBI argued that the Fourth Amendment did not apply because Timothy Carpenter had “voluntarily” disclosed his location to his cell phone provider. This is known as the “third-party doctrine.” The judge agreed, and forced the service providers to hand over the historical cell site location information (CSLI) data. Modern CSLI can be used to determine location to within fifty meters. Using this location data, the FBI was able to determine that Carpenter had placed calls near each burgled location. Based largely on this information, Carpenter was convicted and was sentenced to more than 116 years in prison.
The Third-Party Doctrine
The fundamental question brought about by the Carpenter v. United States case is this: Does the warrantless search and seizure of cell phone CSLI violate the Fourth Amendment?
The answer to this question is far from straightforward. Normally, the Fourth Amendment mandates that law enforcement obtain a warrant before searching the property of an American citizen. To get the warrant, law enforcement must prove that there is “probable cause” to believe that the property contains evidence of a crime. But there is an exception.
In the 1979 case of Smith v. Maryland, the Supreme Court ruled that citizens who voluntarily give information to a third party cannot reasonably expect it to remain private. On that assumption, the court ruled that the defendant, Michael Smith, had no constitutional right to protect the telephone number he dialed into his rotary phone from government scrutiny. According to the court, the data was no longer within the scope of the Fourth Amendment. This holding, which privacy advocates regard as an unwarranted loophole, is known as the “third-party doctrine.”
In Carpenter v. United States, lower courts held that the third party doctrine allowed the FBI to search Timothy Carpenter’s telephone records without a warrant based upon probable cause. Instead, the FBI used a 2703(d) order under authority of the Stored Communications Act, a Reagan-era law that deals with the disclosure of “stored wire and electronic communications and transactional records.” To get a 2703(d) order, law enforcement must provide “specific and articulable facts” showing that the contents of their search will be “relevant and material to an ongoing criminal investigation.” This is a considerably lower legal standard than the “probable cause” required for a traditional search warrant. The FBI needed no warrant, the lower courts held, because Carpenter disclosed his location voluntarily by the mere act of carrying a mobile phone.
The third-party doctrine has been used over past several decades to justify the search or seizure of all types of information without a warrant, of which “cell site location information” (CSLI) is one type. Depending on how the Supreme Court rules, Carpenter v. United States could have a number of different effects on the future of the doctrine, and of digital privacy in a broader sense.
On the one hand, the court might rule that law enforcement must acquire a warrant to search or seize historical location data. In a Supreme Court case from 2014, the court unanimously held that law enforcement must produce a warrant to search digital information on a cell phone seized from someone who has been arrested. In the majority opinion for that case, Justice Roberts acknowledged that the term “minicomputer” is more accurate than “cell phone” for a device that stores reams of sensitive data about its user. The court could rule similarly in Carpenter v. United States, effectively telling law enforcement that metadata and personal data share similar protections under the Fourth Amendment.
In a case from 2012, Justice Sotomayor wrote a concurring opinion hinting that the third-party doctrine needs to be reassessed:
It may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties…This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.
No other justice joined her opinion at the time, and it has no binding authority. It remains to be seen whether she can persuade a majority of the court.
The court could also rule that the third-party doctrine applies to historical CSLI data, and therefore the Fourth Amendment does not apply. This was the majority opinion of the Sixth Circuit. Such a decision would weaken location data privacy protections at the national level, which currently vary by state.
Whatever the nature of the decision itself, the ruling of Carpenter v. United States will likely have real implications for data privacy, and not just location data.
The court could also come down somewhere in the middle. Some legal scholars have argued that the duration of location data collected by law enforcement is relevant to the legality of the search, suggesting that a sufficiently long-term search cannot be justified by third-party doctrine. In Carpenter v. United States, the CSLI data collected spanned 127 days.
Whatever the nature of the decision itself, the ruling of Carpenter v. United States will likely have real implications for data privacy, and not just location data. Internet connectivity in wearable devices and everyday objects is becoming more and more common. Like cell phones, these devices produce metadata that can paint a detailed picture of the user’s health, political affiliations, or even personal life. As more Americans hand off metadata to third parties, Supreme Court decisions affecting privacy protections will become even more critical.