DOJ Leans On Old Laws And Even Older Cases To Argue Against Privacy Expectations In Cell Site Location Data

from the it's-1979-all-over-again! dept

Last month, AT&T entered an amicus brief in the US v. Quartavious Davis case, arguing that law enforcement shouldn’t be allowed warrantless access to cell site location data. AT&T’s entry into the privacy battle comes after a lengthy silence during which it was very obliging of government requests for customers’ data. The crux of its argument was this:

Nothing in those [prior court] decisions contemplated, much less required, a legal regime that forces individuals to choose between maintaining their privacy and participating in the emerging social, political, and economic world facilitated by the use of today’s mobile devices or other location-based services.”

That’s where we are, as far as private citizens are concerned. The government, through its thorough exploitation of the Third Party Doctrine, has basically forced the public to choose between allowing warrantless access to tons of their data (and metadata) or living some sort of off-the-grid lifestyle that doesn’t involve generating “business records” via cell phone, internet service, etc.

Some judges and justices have noted that today’s connected world would be completely unrecognizable to the judges who made the decisions the government relies so heavily on: namely, Smith vs. Maryland (1979).

The DOJ has entered its brief [pdf link] for the Eleventh Circuit Court’s en banc re-hearing of US vs. Davis (2014), and it again attacks the defendant’s assertion that he has an expectation of privacy in his cell phone records. While the government does make a good point that it’s difficult for Davis to claim privacy expectations in a phone he refused to admit was his, it goes on to attack the premise that anyone has any expectation of privacy in their cell phone records. (All emphasis the DOJ’s.)

Davis may not make out a right to be secure in someone else’s “papers,” see U.S. Const. amend. IV, by complaining that those papers contained “his location data.” Evidence lawfully in the possession of a third party is not his, even if it has to do with him. Indeed, so far as the Fourth Amendment is concerned, Davis could not have prevented MetroPCS from producing the records in question even if they were his.

Here, the government argues that the records you generate by using a cell phone are not yours, nor will they ever be. They belong solely to the company that retains them and, as such, can be obtained with a minimum of paperwork or effort. It expands a bit on this argument a little later in the brief, but the underlying assertion is clear. These records are yours in the fact that they can identify you, but they are not yours should you seek to control access to them.

Certainly Davis could not have prevented the provider from turning over the records, but that skirts some of the issues with this case. AT&T argued that the information it collected was sensitive enough that it should require a warrant to obtain. The government could still obtain these records (as it argues here), but it would need to reach the slightly-higher bar of “probable cause,” rather than a court order or a subpoena.

The government leans on the nearly 40-year-old Smith decision as a prelude to its longer dismissal of any additional privacy expectations.

In general, courts have held that phone customers could not have maintained an actual expectation of privacy in routing-related business records made by a phone company to document transactions to which it was a party. See Smith, 442 U.S. at 741-43, 99 S.Ct. at 2580-82; United States v. Gallo, 123 F.2d 229, 231 (2d Cir. 1941). There is no cause to take a different view as to cell tower records.

The DOJ may say that cell phone records are pretty much the same as they’ve always been, but the dates of the cases cited don’t bear this out. One decision is 35 years old. The other is 73 years old. Phone records used to be limited to phone numbers only. Now, they carry additional data, including location — something that definitely wasn’t on the courts’ radar 40-70 years ago.

The DOJ then nails the point home, indicting US citizens as complicit in the removal of privacy expectations.

At any rate, Davis is not in a good position to complain that the government improperly obtained “his location data,” since he himself exposed and revealed to MetroPCS the very information he now seeks to keep private—i.e., the general vicinity information circumstantially inferable from cell tower records

“Exposed” and “revealed” are pretty harsh terms for something citizens are forced to give up in order to use cell phones. Without a doubt, many would like to keep this information private, but are unable to do so because even though they generate the records, they ultimately have no control over their distribution. Not only that, but they have considerably less access to records they’ve generated than law enforcement agencies do. The Third Party Doctrine has managed to turn the American public into handy little data generators — data that the government can avail itself of with nothing more than a subpoena.

The government further asserts that Davis’ stated “ignorance” of the fact that cell providers collect and store location data gives him no reason to claim an expectation of privacy. And this is true. Ignorance isn’t a worthwhile excuse. But many of us do know providers store this information and yet, there’s nothing that can be done about it other than to forgo the use of a cell phone altogether. That’s almost an impossibility in this world, but the government maintains the stance that all of this is optional — that we willingly create a wealth of data for third parties that can be accessed by law enforcement with minimal paperwork, let alone oversight. These are records we have no control over and yet the government is willing to use these against us while pretending we somehow have a choice in the matter.

Notably, the government also leans heavily on the Stored Communications Act to bolster its arguments — a 30-year-old law that still treats email over 180 days old as not worthy of a warrant. Again, times have changed but applicable decisions and laws haven’t. As it stands now, your life — as stored by third parties — is an open book.

This isn’t a great test case for privacy expectations in cell phone records. Davis refused to admit ownership of the phone linking him to the string of robberies, taking a lot of the wind out of his Fourth Amendment sails in the progress. Like the Dread Pirate Roberts/Silk Road case, the government has used the denial of ownership to undercut Fourth Amendment concerns (Ulbricht has denied the servers infiltrated by the FBI are his). Defendants are basically being put in the position of incriminating themselves or abandoning any privacy arguments — an unenviable position.

But the fact remains that location data can reveal far more about a person than the government is willing to admit. It’s not simply a “business record.” It’s a roadmap to a person’s connected existence. There should be an expectation of privacy, especially when the data gathered covers a span of days or weeks. But so far, the laws and the courts back up the government’s third party assertions.

Filed Under: , , , , , ,
Companies: at&t

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DOJ Leans On Old Laws And Even Older Cases To Argue Against Privacy Expectations In Cell Site Location Data”

Subscribe: RSS Leave a comment
Dave Cortright says:

Why don't we simply ask the public what they expect

It’s completely arrogant for the DOJ to assert what the public does and does not expect regarding privacy in this interconnected world. The public is capable of speaking for ourselves. So why don’t we just ask them? Someone should do a survey of the public asking privacy-related questions (e.g. Should the government be able to look at your the location data derived from your cell phone as you move from cell tower to cell tower without a warrant?)

IANAL, but I’m guessing this wouldn’t necessarily be admissible, and it probably wouldn’t trump law. But it would be a hell of a lot more honest than what the DOJ is doing here. If the DOJ is going to rape the public, they should at least show the most basal respect; don’t blame the victim and claim that they consented.

John Fenderson (profile) says:

Re: Not so fast

HIPAA is a specific exception encoded in law, so it’s not really a counterexample. It’s also a fairly narrow exception that only applies to the “business records” of certain specific entities. For example, if you were to do business with me and told me medical information about yourself in the course of that, HIPAA wouldn’t protect you at all.

Anonymous Coward says:

3rd Party Doctrine...

Still clearly addressed and protected by the constitution.

The governments power to regulate never provided a loop hole to access any damn thing they want.

This is the biggest failure of the Education System and the Electorate at large. A spade is a spade…. no matter what linguistic legerdemain is used to blur its appearance.

Yes, that means that the vast majority of you are ignorant idiots… I was once as well… wake up and stop voting in these R & D idiots that treat you like the idiots that you are!

Anonymous Coward says:

“Davis is not in a good position to complain that the government improperly obtained “his location data,” since he himself exposed and revealed to MetroPCS the very information he now seeks to keep private—i.e., the general vicinity information circumstantially inferable from cell tower records”

So, for example:

“Davis is not in a good position to complain that the *US Deputy Marshalls service* improperly obtained “his location data,” since he himself exposed and revealed to *the stablehand* the very information he now seeks to keep private—i.e., the general vicinity information circumstantially inferable from *the stablehand’s records that he did arrive at the Inn’s stable at 2am, that his horse was provided with 1 nosebag of feed at 2.10 am plus one drink of water, and that he did ride away at 2.30am*

Anonymous Coward says:

Fundamentally immoral

It’s fundamentally immoral that the government is not laughed out of court for asserting the dilemma that the Defendant either claim ownership of the incriminating evidence or forfeit the opportunity to argue it was accessed unlawfully. Any incriminating evidence used by the prosecution should be subject to a reasonable challenge that the information was obtained improperly.

Wade says:

Presumably, DoD and CIA data are transmitted along with everyone else’s by the usual internet backbone providers (one would hope with encryption, but you never know). If those providers decided to sell copies of the data to other nations, do you think that the DoJ would say that the DoD and CIA have no expectation of privacy since their data was entrusted to a third party?

Anonymous Coward says:

Re: Re:

“If those providers decided to sell copies of the data to other nations..”

..then they’ve found a bunch of suckers to buy it. Those other nations are ‘tapping the backbones’ too, especially the other Five Eyes and Germany and the usual suspects and whoever else intercepts subsea cables and optical splitters. I can only imagine the US data is filled with misdirections, like spies do every day of the week.

Anonymous Coward says:

Eric Holder will be out soon!

Good ‘Ol Uncle Eric will be out soon.

Seems to me, Law and Order needed a court order to get phone records. A court order is needed to get a pen and trace order (unless you are using a Stingray.)

Cell phone data may not have the expectation of privacy in such that we (the users) know they are confidential. It’s a necessary part of the service, but they do not become records that can be requested trivially without a court order.

M. Alan Thomas II (profile) says:

I’m not sure we can argue without qualification that pre-cell-phone phone data didn’t include location information; knowing that I’m calling from near tower X is a lot LESS specific than knowing that I’m calling from the pay phone on the NW corner of 5th and Park. The difference is that the cell phone roams everywhere with you (including on private property) and captures all calls (not just ones at specific locations being monitored).

That being said, if I’m going to commit a planned crime, I’m not going to be carrying a tracking device with me.

Anonymous Coward says:

Want to know what location data looks like, played back on Google Maps?

“Green party politician Malte Spitz sued to have German telecoms giant Deutsche Telekom hand over six months of his phone data that he then made available to ZEIT ONLINE.”

“By pushing the play button, you will set off on a trip through Malte Spitz’s life. The speed controller allows you to adjust how fast you travel [through his life], the pause button will let you stop at interesting points.”

Warning: Javascript required for Google Maps to work!

A little icon even pops up on Google Maps showing where and when Mr. Spitz made all his phone calls.

All it takes is a subpena or a hacker, in order to replay the past 5 years of your life. Moment by moment on Google Maps.

What pisses me off is there’s no reason for retaining logs past what’s needed for billing purposes. These half decade old logs, available to law enforcement, or hackers, without a warrant or probable cause. Is what makes this a human rights violation where everyone’s being tagged and tracked like wildlife.

Ninja (profile) says:

I think laws should have an expiration date that is well below the lifetime of the regular folk unless they are obvious such laws against murder (and even then they should have a mandatory review date). If the law expires using the fact that they do not take into account new tech should be an acceptable defense and they should lose force considerably against even the slightest possibility that they are violating another law or the Constitution (ie: they could be ruled invalid anytime by any of the powers).

There are issues implementing this but we need reboots instead of patches at times. And update is a must when it comes to technology.

Griffdog (profile) says:

data collection

My cellphone invoice and usage records have much more information than necessary for the billing purposes. The plan offers unlimited voice, unlimited text messages, and a multi-gigabyte cap on the data usage.

In the data category, I can view the time and quantity on my bill for my usage. That seems useful, and I can manually compare that with application usage records on my phone to see which application is hogging the bandwidth. No problems here.

But for the voice and text categories, I can view the number for every call or message. I don’t need this information, and frankly, I don’t see why the wireless company needs it. Sure, capture the total talk time and the total number of messages, but I really don’t care to ever see the connection information.

The wireless company may state that they need certain data to accurately model their rate structures, but I suspect they could just as effectively set their rates using random samples of anonymized data plus the larger sets of conglomerate data. Surely they’d save money in several places, especially when printing and mailing my monthly bill (yeah, I’m a dinosaur who wants a paper bill, but I still don’t need to be silly wasteful about getting a huge pile of papers that just gets immediately fed to the shredder).

Further, the same logic applies to all the other data they seem to collect, such as which cell towers my phone pings and any other location data shared by my phone. It’s not needed for billing me, and they could evaluate tower operations just fine without being able to trace every ping and call back to a specific phone. The irony is that if I ever wanted to view that data about my own devices, I’d probably need to submit more paperwork than they require from the cops.

Already, the popularity is increasing among email services that offer increased privacy. When will I be able to pay a few bucks more (because, of course!) so that my phone company won’t regularly store any more data than what is truly needed for billing purposes?

The Crafty Trilobite says:

Blame the phone company, not the government

The government’s arguments make sense, for the reasons suggested by Anonymous Coward above – the data’s out there, it’s not private, why should they need a warrant? The 4th Amendment just isn’t all that broad. Same problem came up with bank records 50 years ago, the constitution doesn’t protect them. So we’ve filled in with laws. If I store papers with my lawyer or my bank, the cops need a warrant even though the papers aren’t literally in my hands, because we have laws making those agents an extension of my personal privacy. We need the same for ISPs and phone companies. You’re on your own if you voluntarily decide to use google maps or tinder, though.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...