On June 5, the Supreme Court agreed to review a case addressing an individual’s expectation of privacy in his or her historical cellphone location records. This case may well change the way we approach individual privacy in the digital age – not only with regard to cell phone records, but also information relating to email and internet activity, among other things.
The underlying facts of Carpenter v. United States concern two individuals – Timothy Carpenter (petitioner) and Michael Sanders – who in 2013 were found guilty by a Michigan federal jury of aiding and abetting a series of armed robberies. In prosecuting Carpenter and Sanders, the government applied for court orders under the Stored Communications Act (“SCA”), 18 U.S.C. § 2703(d), to access more than five months of historical cell phone locations records for Carpenter and several other suspects. Under the SCA, a government entity may obtain such records without a warrant (or probable cause) as required under the Fourth Amendment, provided that such data has been stored for more than 180 days and that the government entity offers “specific and articulable facts showing that there are reasonable grounds to believe that” the records sought “are relevant and material to an ongoing criminal investigation.” The court granted the government’s applications under the SCA, applying this lower standard of privacy and, ultimately, the jury convicted Carpenter and Sanders.
On appeal, the Sixth Circuit relied on the “third-party doctrine” in finding that no search occurred under the Fourth Amendment. This doctrine, which has its origins in the Supreme Court decisions in in United States v. Miller (1976) and Smith v. Maryland (1979), will likely be revisited by the Supreme Court in Carpenter. Analogizing location information knowingly shared with service providers to the dialed phone numbers knowingly conveyed to phone companies in Smith, the Sixth Circuit concluded that an individual does not have a reasonable expectation of privacy in cell site location information (“CSLI”) because CSLI is a third-party business record that reveals routing information rather than the contents of communications.
This approach has created discomfort among some academics, privacy experts and judges. In United States v. Davis, 785 F.3d 498 (11th Cir. 2015), for example, Judge Rosenbaum wrote in a concurrence: “In our time, unless a person is willing to live ‘off the gird,’ it is nearly impossible to avoid disclosing the most personal of information to third-party service providers on a constant basis … [a]nd the thought that the government should be able to access such information without the basic protection that a warrant offers is nothing less than chilling.”
For cellphone location data, the extent to which CSLI records may disclose intrinsically private information depends on a number of factors, but is increasing every day. The precision of a cellphone user’s location in CSLI records depends on the size of a cell site sector, because each cell site area can only carry a fixed volume of data. As smartphone data usage continues to grow, carriers have erected increasing numbers of cell sites, each covering successively smaller geographic areas, which means that CSLI records are becoming both more useful to law enforcement and more invasive of individuals’ privacy.
While individuals have a clear interest in their privacy, the Supreme Court’s decision in Carpenter is likely to have significant impacts for law enforcement investigative tactics, and for the many private companies who collect their customers’ geolocation data. Law enforcement often uses CSLI as a means to gather preliminary evidence in an investigation, which later can be used to demonstrate probable cause for a warrant authorizing a search of private property, including cellphones and other electronic devices. The collection of customer geolocation data by private companies has proliferated in recent years, and those companies have monetized that data by using it to refine their business operations and/or by selling it for other commercial pursuits.
Beyond CSLI, Carpenter presents an important opportunity for the Court to revisit the SCA. Written before the internet age, that statute is now heavily relied upon by law enforcement not only to obtain mobile phone information such as CSLI, but also to gain access to information regarding emails and online activity from internet service providers (“ISPs”). The seemingly endless stream of SCA-based requests for user information has become not only a major drain of resources for Silicon Valley, but also the source of significant privacy objections raised by tech companies and private citizens regarding warrantless searches.
The anachronistic state of the SCA has led many to call for its reform, and legislation has been introduced in Congress to do just that, although prospects for legislative reform remain murky. In Carpenter v. United States, the Supreme Court will have its own chance to weigh in.