Sometimes law enforcement needs a warrant to access cellphone data, sometimes a court order. Sometimes nothing is required.

Roaming while you roam.

Depending on where you use your cell phone, law enforcement may obtain your location records from your wireless provider without a court order or warrant — neither is required in Washington state. In urban areas where there are multiple cell towers, a phone’s location can be identified to within half a mile. Turning off your location services or powering down the cellphone alone will not shield you from law enforcement.

Click here to view the image.

Are you where you said you’d be?

When processing data, cellphones communicate with the strongest available cell tower signal. Calls, texts and internet browsing generate cell-site location information (CSLI). CSLI is time-stamped and linked to the phone number. Cell towers emit different signals in each direction, so the phone’s movement is tracked by its angular position relative to a tower. From CSLI, law enforcement can track where you are; what cell phones are near you; with what phone numbers you communicate; how long you communicate; and what routes you travel. In essence, everything except the actual communication is recorded. If you aren’t a criminal, you may not care. Depending on how CSLI is produced, even the innocent can catch the attention of law enforcement.

Despite your innocence, law enforcement may receive your cellphone usage records.

“Tower dumps” entail producing CSLI for all cellphones that processed data sent through a tower. If your cellphone uses a targeted tower, your data may be captured. You go from having fun with your friends to law enforcement tracking you by your number.

Click here to view the image.

Producing CSLI in real-time transfers your records contemporaneously as they are created by cellphone usage. If this happens, you are probably having a bad day — this method may be used in exigent circumstances. Collection of historical CSLI shows all CSLI for a cellphone for a specific period of time.

One person’s record is another person’s dirty laundry.

In U.S. v. Timothy Carpenter[1], the Sixth U.S. Circuit Court of Appeals joined the Eleventh Circuit[2] in ruling that law enforcement agencies do not need a warrant to track a caller’s location through cell tower records. Timothy Carpenter and Timothy Sanders robbed nine cellphone stores (ironic, isn’t it?) in Michigan and Ohio within four months.

The FBI requested the “transactional records” of the Timothys’ wireless providers, aka, the Timothys’ historical CSLI. Court orders were issued pursuant to the Stored Communications Act (SCA) after the FBI showed there were reasonable grounds to believe the CSLI was relevant to the investigation. The FBI reviewed 127 days of CSLI for one Timothy and 88 days for the other. The government established through the historical CSLI that the Timothys were located within a half-mile to two miles of each armed robbery when they occurred. On appeal, the defendants argued that the Fourth Amendment required the government to show probable cause and use a search warrant to access the CSLI.

The opinion focused on the following:

  1. There was no search, because the FBI collected the wireless providers’ data routing information, which was gathered in the ordinary course of business.
  2. CSLI does not refer to the content of the defendants’ private communications.
  3. Every cellphone user who has paid roaming fees knows that wireless carriers collect locational information, so there was no expectation of privacy.
  4. The CSLI is so comparatively imprecise compared to GPS, that there is no expectation that the cellphone user can be located exactly.
  5. The SCA requires the government to meet the “reasonable grounds” to get a court order, not the “probable cause” standard to obtain CSLI.

Tracking or stalking? Duration matters.

The concurring opinion in Carpenter questioned whether the business record standard of proof applies in the review of an alleged violation of Fourth Amendment rights. The rationale behind the question is that a business’s production of credit card records showing purchases, for example, may be sufficiently distinct from the production of cellphone records showing personal location to require a more stringent analysis. The concurring justice also found the scope of the location monitoring troubling. Lawfully tailing a suspect is one thing. Lawfully tailing a suspect for a period of three to four months transmutes the surveillance into the realm of privacy invasion.

So, how do I keep law enforcement out of my data?

iOS and Android operating systems and apps offer some protection of CSLI location data. Start by turning off the location services for all your existing apps. Download apps that discard the location data cached on your cellphone. Get and stay off the grid by using localized Wi-Fi connections. Rely on an offline map or app that anonymizes the cellphone, encrypts the location data and permanently deletes your data within a certain amount of time. Regularly monitor new technology used by law enforcement and cybersecurity experts.

Click here to view the image.

After all, when you build a better mousetrap, law enforcement will build a better mouse. Justice William O. Douglas called upon his Pacific Northwest ideals when he wrote, “The right to be let alone is indeed the beginning of all freedom.” Cheers to freedom.