Fifth Circuit Court Of Appeals Upholds Decision That Warrantless Cell Phone Tracking Doesn't Violate Fourth Amendment

from the sadly,-another-one-for-the-'unsurprising'-column dept

The ongoing court battle over warrantless cell phone location tracking continues and the latest decision is another setback for the Fourth Amendment. The Fifth Circuit Court of Appeals held that individuals have no reasonable expectation of privacy over their location data. The decision states that location data is a “business record” created by private companies with the implicit consent of cell phone users and therefore are not subject to privacy protections.

[C]ell site information is clearly a business record. The cell service provider collects and stores historical cell site data for its own business purposes . . . the government merely comes in after the fact and asks a provider to turn over records the provider has already created.

The rationale is that cell phone companies are not required by the government to create or retain this data and that citizens are not required by the government to carry or use cell phones, thus making this data subject to the Third Party Doctrine and removing any expectation of privacy.

This rationalization goes counter to the recent NJ Supreme Court decision (unrelated other than in subject matter), which found that location data should be subject to privacy protections for nearly the same reason. Although cell phones aren’t in any way “mandatory,” the court stated that no one uses a cell phone with the intent of creating a location-specific metadata trail for law enforcement to scoop up without a warrant.

The decision to declare cell phone location data “business records” also plays into the hands of intelligence agencies like the NSA and FBI, allowing them to harvest vast amounts of data on Americans without running the risk of violating their constitutional rights (at least, not according to these interpretations). The court also added that there is some form of recourse for citizens worried about their rights being violated — but both suggestions are a dead end.

“But the recourse for these desires is in the market or the political process: in demanding that service providers do away with such records (or anonymize them) or in lobbying elected representatives to enact statutory protections.”

As the ACLU points out, neither of these “remedies” are likely to result in additional privacy protections.

Regarding the first point, perhaps the court is unaware how opposed the cell phone companies are to even disclosing how long they keep subscriber data. It took a nation-wide public records act request campaign before we received a Justice Department information sheet on how long carriers keep such records. (According to the 2010 document, Verizon keeps historical cell phone records for “1 rolling year” while Sprint keeps them for “18-24 months.”) There is no cell phone company that doesn’t retain historical cell site location data, or even one that keeps it only for a short time. And anyway, our Fourth Amendment rights should not depend on the largesse of for-profit corporations.

As for pressing for Congressional change, the ACLU has been doing just that for years. (The federal statute the government uses to obtain cell phone location records was written way back in 1986 and hasn’t been meaningfully updated since.) But the mere fact that some other branch of government could provide a remedy is no reason for courts to take a pass on protecting Americans’ privacy.

Expecting corporations to protect your privacy is, for the most part, a non-starter, especially if these corporations can monetize the data in any way. Furthermore, how many people actually believe the government would allow cell phone providers to simply scrap the data (or anonymize it) once it’s served it purpose (monthly billing, for instance), rather than retain it for months on end? Intelligence agencies and law enforcement would simply push for legislation and court orders to ensure this flow of data continues uninterrupted.

In a 25-page dissent, Judge James Dennis pokes holes in the majority’s “business records” rationalization, quoting Justice Sotomayor’s reservations about the majority’s opinion in US vs. Jones:

[In future cases] considering the existence of a reasonable societal expectation of privacy in the sum of one’s public movements[,] . . . it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. . . . I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.

By allowing law enforcement to access “business records” without a warrant, the Court opens up the possibility that these agencies will find a person’s internet history, email and contact lists to be similarly devoid of Fourth Amendment protections. Saying one thing is a business record and one thing isn’t only further obscures an aspect that needs clear delineation, one that would preferably draw the line before location data rather than attempt to determine which “parts” of a person’s cell phone are subject to privacy protections.

We also have to ask why there’s such an aversion to obtaining a warrant. In many cases, the information needed is historical. In other cases, when something more current or time-sensitive might be needed, there are emergency orders and other legal remedies (once in the courtroom) to allow some warrantless data collection to be admitted as evidence. The more these battles drag on, the more it appears that these agencies are benefiting from multiple interpretations of outdated laws, a benefit they’d clearly prefer to keep intact. This creates a path of least resistance, which becomes especially problematic when combined with the agencies’ natural tendency to collect as much data as possible, “just in case.”

Filed Under: , , , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Fifth Circuit Court Of Appeals Upholds Decision That Warrantless Cell Phone Tracking Doesn't Violate Fourth Amendment”

Subscribe: RSS Leave a comment
GMacGuffin says:

Uh ...

The rationale is that cell phone companies are not required by the government to create or retain this data and that citizens are not required by the government to carry or use cell phones, thus making this data subject to the Third Party Doctrine and removing any expectation of privacy.

Uh, we’re not required by the government to live in a house either, but I’m pretty sure the 4th Amendment covers that, as well as our “papers and effects” which in relation to cell phones, the former being accessible or stored in the latter.

Ray says:

My wife isn’t required by the government to retain copies of our love letters and I am not required to carry them by the government. By this reasoning, the government can search my person and read my personal letters.

We really need a method to throw judges off the bench on election day. Unfortunately, the politicians that could, have all been blackmailed through intrusive spying by a corrupt corporate owned fascist government.

When a court ignores the constitution, they have committed a crime and the worst of all – treason. Making sure that judges do not carry a passport from two countries is a good place to start.

Anonymous Coward says:

The rationale is that cell phone companies are not required by the government to create or retain this data

And that’s bullshit.

The federal government has required wireless carriers to build location technology into their networks. When the Fifth Circuit says that cell phone companies haven’t been required to build that location technology?those Fifth Circuit judges are just dishonest.

?Sprint, Alltel, USC fined for missed e911 deadline? ? (August 31, 2007)

The FCC has fined Sprint, Alltel and U.S. Cellular a total of $2.83 million for not meeting the December 31, 2005 deadline for enhanced 911 services. By the end of 2005, all wireless carriers had to ensure that 95 percent of their subscribers had location-enabled handsets?

(Emphasis added.)

The Fifth Circuit judges know this. The judges are being intentionally dishonest. The judges are lying.

out_of_the_blue says:

"How America's Top Tech Companies Created the Surveillance State"

Highly relevant. — And surprise! Real journalist mentions Google!

“Facebook?s Mark Zuckerberg, he of the teen-nerd hoodie, said he?d never even heard of the kind of data-mining that the NSA leaker described?then fell quiet. Google cofounder Larry Page declared almost exactly the same thing; then he shut up, too. Especially for the libertarian geniuses of Silicon Valley, who take pride in their distance (both physically and philosophically) from Washington, the image-curdling idea that they might be secretly in bed with government spooks induced an even greater reluctance to talk, perhaps, than the Foreign Intelligence Surveillance Act, which conveniently forbids executives from revealing government requests for information.”

S. T. Stone says:

Re: "How America's Top Tech Companies Created the Surveillance State"

You know, if you want people to pay attention to you, maybe you should try pointing out examples of such behavior from companies other than Google.

Otherwise, you tend to look as if you have a vendetta against Google and would willingly ignore the same behavior if other companies do it.

Anonymous Coward says:

I’m glad someone else noticed the Enhanced 9-1-1 backdoor legislators used to slip location tracking into every single cell phone, under the guise of “Safety”.

“Wireless network operators must provide the latitude and longitude of callers within 300 meters, within six minutes of a request by a PSAP.”

Anonymous Coward says:

Re: Re:

I’m glad someone else noticed?

It’s not a big secret. It never was.

Furthermore, if you read the opinion carefully, it’s painfully clear that the Fifth Circuit judges on the panel were well aware that the government has imposed requirements on the cell-phone carriers.

For the judges to then turn around and say, well, the carriers didn’t have to keep track of their users’ locations?who the fuck are these judges trying to kid here?

The majority opinion is intentionally dishonest. That’s my conclusion.

Anonymous Coward says:

nothing new,

presidents for this already exist, it clearly falls under ‘green fields’ and the court is correct it’s business records, and is information the cellular system get, sure they were asked to retain that information, but not ‘create’ it. It already existed, it is a part of the system itself (what towers you talk too is part of the system working), the records of what towers are used for what calls is operational information.

Government asked the phone companies to keep that information instead of deleting it, it’s also a business record and as such there is a requirement by law to retain those records for business purposes. (7 years in Australia).

Nicholas Batik (profile) says:

There is an implied contract with both public and private data

The courts have already established that there are numerous venues within which you have no expectation of privacy. What is missing in this discussion is the implied contract that is associated with your public data, specifically that your public data is casual, random, limited, and segregated.

It may be easiest to illustrate those with example:

It is understood that if you venture into public you will be observed. No one expects privacy in that setting. You may encounter the same people in the same places, at the same times, or randomly at different times and venues, but you would become suspicious if you encountered the same person everywhere you went. You would probably suspect stalking.

If that person recorded which lights turned on in the windows of your house, the order they turned on and their duration, when you opened and closed window shades, the time you entered and exited your house, where you went, what you bought, who you met, and so on, you would necessarily be worried. All that information is public, but it has crossed a threshold of limited, casual and random.

It is understood that this behavior implies nefarious intent. Even if that person is a law enforcement officer, we have historically required reasonable suspicion of behavior, or a court order authorizing their collection of your public data on such a scale.

If a store owner tracks your purchases to provide better service and try to better meet your needs, that is laudable. If he starts following you around the shopping mall to see what else you buy, that rapidly degrades into creepy behavior.

We expect that grocery stores will track our grocery habits, the phone company will monitor our calling patterns, the credit card company will analyze typical and non-typical purchases to prevent fraud. Although all this data is ostensibly public, implied in this understanding is the segregation of that data. If the phone company started acquiring our grocery records, we would demand to know why, and act to put a stop to it.

In order for the government to carry out its appointed tasks, it must obtain from its citizens specific personal data, that if disclosed, could result in loss of harm to that citizen. We entrust this information with the understanding that those in authority will take all necessary safeguards to protect it from disclosure or unauthorized use.

When that same authority accumulates all our public data, from all of the available sources, combines that the private data of our financial and tax records, medical records, licenses, legal filings, driving records, political and religions affiliations, and all other disclosures, then it has far exceeded the authority issued by its citizenry.

That it should then use this unprecedented store of information to identify and target individuals for propaganda and behavioral modification, as well as provide policing agencies the ability to observe and analyze the totality of every citizen’s life for any and all activities that may be used to incriminate those individuals, for the entire duration of their lives, then it has crossed the boundaries of implied consent of both the public and private stores of data, and has ventured into realm of treason against its people.

jilocasin (profile) says:

Mandatory data retention returning

Dick Durbin, the Democratic senator from Illinois and Senate majority whip during yesterday’s senate hearing asks this loaded question:

“That’s all very well, Durbin says, but would it not be possible for the phone companies to retain their own records over a given time period: “So it would not be in the grasp of the government?”

Inglis says that would be possible. It would require legal changes.”

They (the government) tried to require companies to maintain “business records” so that they could rummage through it at their leisure (re: recent 5th circuit decision) without a warrant or any other oversight. It didn’t happen. So, they just started collecting all of that data themselves.

Now that they’ve been called out on it they are offering to stop, but only if they can force companies to store and maintain this data for them.

Give us what we want or we’ll do it ourselves, to heck if it’s illegal. If you want us to stop then you should’ve just done what wanted to begin with.

Sounds an awful lot like crooks telling you to give them all of your money. When later caught with their pockets full of your money and jewelry a helpful cop suggests; “What if we just put all of our money and jewelry in that box over there, that way you wouldn’t have to break in to people’s houses anymore? The robber replies, says that would be possible. It would require legal changes.

How about if the government tries to actually follow the law?

How about the president and congress upholding the constitution for a change?

How about a law that says companies can not generate, keep, or re-purpose your data for any reason other than the one you gave it to them for?

As for cell phones (a.k.a. government trackers that you can talk/text with) I find it kind of damming that you can’t turn off your ‘location services’ (gps) for everything. It would be a simple matter for the phone to turn it back on again _when_you_dialed_911_. I guess if you could, you might, and then they would have to rely on the less accurate cell tower records.

Anonymous Coward says:

Re: Mandatory data retention returning

? then they would have to rely on the less accurate cell tower records.

The e911 location requirement can be met by either GPS in the handset or by cell tower triangulation.

The phone companies were fined $2.83 million because they weren’t meeting the requirement on time using any acceptable technology?not even cell tower triangulation.

Nicholas Batik (profile) says:

Re: Boycott

Wrong target. When you subscribe with the phone company you sign-off on the “I agree to…” notice regarding the collection of your data for business purposes, however grudgingly you may do so.

As jilocasin points out, the issue is not the companies that collect, and eventually expire that data, it is the government that re-purposes and infinitely retains it, without our knowledge or consent.

The question is: How do you boycott the government?

Anonymous Coward says:

This ruling pisses me off as a law abiding American citizen. I don’t willingly turn over anything to my cellular provider, especially my location information! I have no say over what’s collected. The only way I have a say is if I stop using a cellphone!

I want to start yelling curse words at the Fifth Circuit Justices, so I’m just going to stop typing. Bravo to Justice James Dennis for actually understanding that Americans do in fact, have an expectation of privacy in their movements.

American citizens should have more privacy rights than GPS tagged wildlife! Not so, says the Fifth Circuit majority. Despicable! Absolutely despicable!

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...