Government Asks Appeals Court To Change Its Mind On Warrant Requirement For Cell Site Location Info

from the OP-PLS-RESPOND dept

The Fourth Circuit Court of Appeals might be revisiting its recent decision of imposing a warrant requirement on the acquisition of cell site location information. The government has asked for an en banc hearing to settle this issue.

As of now, there is no unified view on the privacy (or lack thereof) inherent to historical cell site information. Nathan Freed Wessler, staff attorney for the ACLU, has put together a map of current decisions that shows where warrant requirements have been established (for now — many are being appealed/challenged) and where they haven’t. (Click through for a [slightly] larger version.)

Back in August, the Appeals Court pointed out that cell phone users don’t voluntarily give up their expectation of privacy by “providing” certain information to “third parties” (cell phone providers). It’s actually the reverse. The phone companies collect this information. And while phone users may agree to allow cell providers to collect this (and they have no choice — without it, no cell provider would connect a call), they do not explicitly give the government permission to collect this information as well. And most people don’t even cognitively agree to hand it over to cell phone companies.

… First, the policy only states that Sprint/Nextel collects information about the phone’s location – not that it discloses this information to the government or anyone else.

Second, studies have shown that users of electronic communications services often do not read or understand their providers’ privacy policies. There is no evidence that Appellants here read or understood the Sprint/Nextel policy.

The government has leveraged the ignorance of the public just as often as service providers have. No one reads Privacy Policies and no one truly expects the government to have warrantless access to location information gathered by the providers. But the government has often successfully claimed it can obtain this information without a warrant, thanks to the Third Party Doctrine, which legally erases any expectation of privacy.

So, as the courts tiptoe towards a more unified view of the Fourth Amendment as it pertains to cell site location information, the government is fighting a multi-front battle to protect its warrantless access to a wealth of ostensibly personal information.

Hopefully, this battle will be uphill. In the request for the en banc hearing, the government notes the court’s unwillingness to apply the Third Party Doctrine to this information.

The majority flatly rejected application of the third-party doctrine. Op. 36-60. The majority sought to distinguish Miller and Smith on the ground that “the defendant in those cases had ‘voluntarily conveyed’ the information to the third party.” Op. 39; see Op. 42-43. The majority concluded that historical CSLI is not “voluntarily conveyed” because a “user is not required to actively submit any location-identifying information when making a call or sending a message.” Op. 44. Disregarding the undisputed evidence that cell phones cannot work unless the service provider knows which cell tower to use, and that Sprint/Nextel informed customers that it collected their location information, the majority deemed it “clear” that “cell phone users do not voluntarily convey their CSLI to their service providers.”

On the other hand, it points to dissenting opinions that note adding a requirement that users must “actively submit” information to third parties to consider it obtainable without warrants is at odds with several precedential decisions.

As Judge Motz observed, the majority’s insistence that an individual only “voluntarily conveys” what he “actively submits” contravenes long-established business records jurisprudence. See Op. 119-20. Customers do not “actively submit” the date, time, and duration of phone calls, but neither this Court nor any other court has held that such information is protected by the Fourth Amendment. The majority’s reasoning could have far-reaching consequences. For example, Internet communications are routed via IP address, and courts have held that users lack a reasonable expectation of privacy in IP address information, see, e.g., United States v. Forrester, 512 F.3d 500, 510 (9th Cir. 2008)—but users do not actively submit IP addresses to their service providers. The majority’s creation of a Fourth Amendment interest in such data vitiates the third-party doctrine and eliminates the bright line (or any discernable line at all) between information protected by the Fourth Amendment and information that belongs to a third-party.

However, considering the wealth of information routinely gathered as “business records” via personal cell phones, it’s perhaps time to start setting new precedents. While pen register orders can be used to obtain call data from landlines, these records provide no location information. The phone is locked to a single residence or business. (The same can be said for most IP addresses.) Today’s pocket narcs create records continuously, generating a persistent record of a person’s movements. And this location information is often generated without a single phone call being made — further distancing cell site location from old-fashioned call data.

The government also argues that the Supreme Court’s Jones decision — which dealt with the warrantless use of GPS tracking devices — shouldn’t be applied here, as historical cell site location data isn’t really the same thing. (It overstates the significance of the decision, which was about three-quarters “punt.”) Technically, it isn’t, but for the sake of the Fourth Amendment, it conceivably should be. While a tracking device may provide real-time location data, the location data obtained from cell phone providers offers the same sort of tracking, if only slightly delayed and with a little less accuracy.

No hearing has been granted yet, but government petitions tend to receive a bit more deference from the courts. When it does rehear this, the government will once again be arguing against the establishment of a warrant requirement — a permission slip that is often treated as a rubber-stampable formality by magistrate judges and just as routinely treated as an onerous burden by law enforcement agencies.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Government Asks Appeals Court To Change Its Mind On Warrant Requirement For Cell Site Location Info”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Not technically necessary

And while phone users may agree to allow cell providers to collect this (and they have no choice — without it, no cell provider would connect a call)

They wouldn’t (now), but that’s just a business decision—it’s not like it’s impossible. You could use something like Tor to establish a link while hiding the location. Zero Knowledge Systems even did it with network billing, over a decade ago. (And it’s doable today with voice over IP if you’re using open WiFi with a randomized MAC on your phone.)

Anonymous Coward says:

Re: Re: Not technically necessary

Yes, it’s technically necessary. In order for the cell network to send radio tranmissions to your phone, it has to know which cell tower to transmit from.

Yes, but it doesn’t need to know it’s your phone. Just like Tor or any onion router—a computer requires an IP address to send or receive packets, but Tor mixes things up so the server doesn’t know where the client is (even if it knows who it is, cf. Facebook’s hidden service).

The phone needs to convince some tower to grant it network access. The tower needs some way to verify this was paid for, but the method need not be identity-based. Zero Knowledge Systems would accept a credit card payment and give their users some Chaumian cryptocurrency with which they could pay the network providers (internet nodes, cell towers, whatever). And once you’re on the mixnet, you just find a (bidirectional) path to your network provider. The tower won’t know who your provider is, and the provider won’t know who the tower is. See Wikipedia on onion routing.

John Fenderson (profile) says:

Re: Re: Re: Not technically necessary

I see what you’re saying. Yes, it is possible to design a cell phone network that can accomplish what you’re saying. I’m just saying that’s not the network that was built, and to change to a more secure infrastructure would be incredibly expensive and disruptive.

Also, the TOR analogy can be made to fit, but it’s not as clean as you imply. On the internet, there is a distinction between the ISPs and the servers you visit, and TOR leverages that by hiding information the ISPs need from servers, and vice versa.

In the cell network, this distinction does not exist. The “ISP” (the tower operators) and the “servers” that carry phone calls are the same company. Hiding information for one from the other becomes less effective because they’re both really the same entity.

Anonymous Coward says:

Re: Re: Re:2 Not technically necessary

TOR like routing does not prevent location tracking via the cell sites that a phone connects to, it can only hide who is talking to who. Also due to timing and triangulation capabilities it is extremely hard to prevent this by changing a phones identifier, as the ID switches can be tracked. Letting the phone connect from your home location limits the number of people that the phone could belong to, and this is easily resolved by watching where the various phones go.
About the only way to prevent location tracking via a phone is to keep it switched off most of the time, which reduces is usefulness as a phone.

Anonymous Coward says:

Re: Re: Not technically necessary

If you are relying on open WiFi, rather than a cellular connection, you will have problems holding a VOIP connection while moving, as your IP address will change

I meant you’d be running it over an onion network like Tor. Just for location privacy, not anonymity. In theory they can hold a circuit open when your IP changes. Not sure how well it works in practice, but the CCC had an anonymous presentation in 2006 over Tor.

You won’t get a landline-quality connection with something like this, but it can be set up without inventing any new technology. The same goes for a cell-network setup: it “just” requires putting existing technology together, and the real challenge would be getting cellular providers to cooperate.

Anonymous Coward says:

Re: Re: Re: Not technically necessary

Assuming that a continuous connection is required, changing a phones identity has a very limited value as an anti-tracking mechanism, as monitoring changing identities connected to the network, with triangulation from adjacent cell sites, enables the device to identified, with some uncertainty if two very close devices change identity at the same time. However, unless they are moving together, it will not take long to resolve which device is which.
That is the very tracking you are trying to defeat makes it extremely difficult to change identities in a way that cannot be tracked.

Anonymous Coward says:

Re: Re: Re:2 Not technically necessary

That’s a good point that requires further research. One possibility is to always be connected to multiple cells with different identities, maybe multiple connections to each. Still, we should make the people tracking us actually work for it. It will be non-trivial to track a phone, if not difficult, and then they’ll still need to link it to an identity (well, for now, there are maybe a few cypherpunks doing anything like this, so it’s easy). The technology will need to be continually improved but let’s what already exists to start.

Anonymous Coward says:

Eye opening. Who would have though something personal like cellphone location data wouldn’t require a warrant? I feel like one of those animals wearing a radio transmitting collar. Except our collars are in our pockets instead of around our necks.

A minor difference. It feels totally wrong. I don’t agree people’s historical location records don’t deserve constitutional protections.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...