Court Says Cop Calling 911 With Suspect's Phone To Obtain Owner Info Is Not A Search
from the bring-on-the-cellphone-tracking-devices! dept
An interesting ruling out of Georgia states that an unconventional method to determine a cell phone’s owner is not a search under the Fourth Amendment. The appeals court decides [PDF] that the information obtained has no expectation of privacy.
Because Hill had no reasonable expectation of privacy in the information at issue – his own name, date of birth, and phone number – we agree with the state there was no search under the Fourth Amendment, and accordingly we reverse.
The background is this: James Brandon Hill exited a taxi cab without paying, leaving his phone behind. The cab driver reported this to the police and an officer dialed 911 to obtain the owner’s info. The court doesn’t touch the issue of abandonment — which would likely have made the search legal. But its decision that the method used to obtain this info isn’t a search seems to be a bit off.
While the information received may have had no expectation of privacy, an officer accessing a cell phone without a warrant is questionable under the Supreme Court’s Riley decision. As noted above, the warrantless search still likely would have survived a motion to suppress as the phone was abandoned in the cab. In fact, Hill does not challenge the seizure of the phone — only the search.
The Third Party Doctrine is in play here, what with this information being handed over to a service provider in exchange for phone service. The opinion quotes Orin Kerr in support of its Third Party Doctrine assertions.
Consistent with this distinction, we have held in a case involving a landline phone that the Fourth Amendment “protects only the content of a telephone conversation and not the fact that a call was placed or that a particular number was dialed.” Stephenson, supra, 171 Ga. App. at 939 (citation and punctuation omitted). See generally Orin S. Kerr, Applying the Fourth Amendment to the Internet: A General Approach, 62 Stan. L. Rev. 1005, 1019 (II) (A) (2010) (originating telephone number is non-content information analogous to return address on envelope).
But that applies only to phone call routing info, not the user’s personal information. It’s a good thing this citation isn’t a direct comparison because Orin Kerr doesn’t agree with the court’s decision on the search issue.
Held: Calling 911 from a phone is not a “search” because it only obtains non-content information about the phone that is not protected under Smith v. Maryland.
I don’t think that reasoning works, as it’s mixing up two different questions: (1) whether calling from the phone is a search of the phone, and (2) whether, once the call is placed, receiving the number dialed at 911 is a search of the number. I think calling 911 is a search because of (1), not because of (2). Calling 911 pushes out the number from the phone, and I think that forced revealing of the number should count as a search of the phone.
The decision’s implications go much further than this one-off case where an abandoned phone was discovered and “forced” to reveal user info by a law enforcement officer. Think Stingrays. From the opinion:
The fact that it was a law enforcement officer, rather than Hill, who placed a call from the phone does not change our conclusion that the information obtained was not subject to Fourth Amendment protection. Cases from other jurisdictions illustrate this point. In United States v. Skinner, 690 F3d 772, 777-778 (II) (A) (6th Cir. 2012), for example, the United States Court of Appeals for the Sixth Circuit held that law enforcement agents could take action to cause a cellular phone to emit information from which they could track it without running afoul of the Fourth Amendment, because the defendant did not have a reasonable expectation of privacy in the location data emitted from the phone.
If this isn’t a search, then the use of an IMSI catcher isn’t a search, even though it involves the manipulation of a person’s phone by law enforcement to obtain information otherwise not immediately obtainable.
As for the Riley decision, the court decides use of the phone is not the same as accessing the phone’s contents.
Here, in contrast to Riley, the officer did not access any files on Hill’s phone, which was protected by a passcode. He “did not attempt to retrieve any information from within the phone,” United States v. Lawing, 703 F3d 229, 238 (II) (A) (ii) (4th Cir. 2012), but instead used the phone in a manner that caused it to send Hill’s telephone number to a third party, the 911 dispatcher. We do not construe Riley to prohibit an officer in lawful possession of a cellular phone from placing a call on that phone in an attempt to obtain identifying information about its owner. Moreover, we do not construe Riley to recognize a legitimate expectation of privacy in identifying, non-content information such as the person’s own phone number, address, birthdate, simply because that information was associated with a cellular phone account rather than a landline phone account or a piece of physical mail.
While historical cell site location info is generally considered to be free of expectations of privacy under the Third Party Doctrine, real-time access of this same information is still under discussion in several courts. Making the argument that law enforcement manipulation of a person’s cell phone to extract information not otherwise immediately obtainable suggests that this particular court would look favorably on the use of Stingray devices to locate cell phones. After all, the phone’s location is a third-party record, even though it’s not a third-party record that isn’t normally obtainable as it’s being generated.
It’s a limited ruling from a state appeals court, but it still shows advances in surveillance tech will be granted a lot of leeway by judges because of a decision nearly four decades old at this point (Smith v. Maryland, 1979). Had the court come to the conclusion it was a search, it wouldn’t have saved Hill (because he abandoned his phone), but it at least would have recognized it’s one thing to obtain third-party records from a third party. It’s quite another when the government uses a closed loop to obtain the same info.
Filed Under: 4th amendment, calling 911, georgia, phones, search
Comments on “Court Says Cop Calling 911 With Suspect's Phone To Obtain Owner Info Is Not A Search”
This is nothing compared to 3D printing fingerprints
http://www.theverge.com/2016/7/21/12247370/police-fingerprint-3D-printing-unlock-phone-murder
Fair Use quote:
“law enforcement officers approached a professor at Michigan State earlier this year to reproduce a murder victim’s fingerprint from a prerecorded scan. Once created, the 3D model would be used to create a false fingerprint, which could be used to unlock the phone.”
The future is that no one in the Western World will have any security, any privacy or any redress
Re: This is nothing compared to 3D printing fingerprints
Stop using a fingerprint as your sole authentication method… it was never going to be secure by any stretch of the imagination.
Re: Re: This is nothing compared to 3D printing fingerprints
This.
Fingerprints have never been, and will never be, remotely secure enough to rely on for authentication. All but the most sophisticated scanners (which are large and expensive) can be easily spoofed by people with average skills and materials.
The sophisticated ones can be spoofed, too, but it takes more work and skill. Also, you’re not going to have one of those on cell phones in the near future.
Re: Re: Re: This is nothing compared to 3D printing fingerprints
Most people don’t appreciate the concepts of (or difference between) Identification, Authentication, and Authorization. Fingerprints can be fine for Identification, claiming you are someone, just like a username that may be public knowledge. But it’s not an Authentication and all the fingerprint scanners in the world seem to ignore that for ease of access.
It’s reminds me of those services that could charge fees to your account based solely on your phone number. Just because someone knows my publicly available identification info doesn’t mean that that 1) are me and 2) are authorized to make charges.
Re: This is nothing compared to 3D printing fingerprints
Security identifiers usually fall into three categories:
– Something you know (5th amendment vs. (“enhanced/extreme!”) interrogation)
– Something you have (pass card etc vs. theft)
– Something you are (biometrics incl fingerprints vs. 3d printers)
Depending on how much security might be required, you would use combinations or multiples of all three.
“Something you are” just got converted to “something you have” in one of the most common cases and I imagine there are a -lot- of quite comprehensive fingerprint databases out there. Not just Mission Impossible/Bond villian territory now; kind of a big deal. Next step, printing retina scans I guess.
Thanks for the link.
Re: Re: This is nothing compared to 3D printing fingerprints
And if a spoofer doesn’t have an image of your fingerprint in a database somewhere, it’s pretty easy to lift a usable print from something you’ve touched.
In many past successful attacks, the print was lifted from the scanner itself.
Re: Re: This is nothing compared to 3D printing fingerprints
Something you know (5th amendment vs. (“enhanced/extreme!”) interrogation)
– Something you have (pass card etc vs. theft)
– Something you are (biometrics incl fingerprints vs. 3d printers)
You missed one – something you can do – as in signatures.
Re: Re: This is nothing compared to 3D printing fingerprints
Fingerprints make terrible authenticators (passwords). Think of all the best password advice and then try to apply it to a fingerprint.
1) Don’t post it in plain sight
2) Don’t just use one password
3) Change your password if it is exposed
4) Don’t use dictionary words
5) Include numbers, capital letters and symbols
We leave your fingerprints all over the place every day. You’ve got 10 fingers, so you’ve got 10 passwords. What happens when you injure one or a company you’ve trusted has its database hacked? 9 passwords… The complexity of the hack is correlated with the complexity of the scanner, not the complexity of your finger print. Some scanners check only a few points and allow leeway to prevent failed scans. The “dictionary” is limited by scanner technology, which is out of your control, not by the “password” you select.
not a one-off case
Couldn’t find the recent case in California. However man broke into house, got in fight with the father and ran off. Daughter turned in the abandoned phone. Police called 911 to get the phone#, which traced back to the suspect’s mother.
Which also further led to an unsolved kidnapping the previous year.
If I recall right, appeal reason was the phone was lost, not abandoned.
Misuse of 911
Doesn’t this ultimately represent a misuse of the 911 emergency service? I realize that the person making the call was an officer, but theoretically, this was not an emergency necessitating use of the 911 service.
There are other ways to identify the owner of a phone without using it to make a phone call… the IMEI and SIM could have been used to contact the carrier and obtain the phone number and name of the owner. I’m guessing they wouldn’t have released that information without a warrant, and for good reason.
Re: Misuse of 911
This is clearly a misuse of 911 as well as a clear anti circumvention law being broken. Sue the hell out of the cop and everyone who found it to be perfectly fine.
One simple question: Why not get a warrant?
Re: Re:
that would take time when he can break the law now and not be held accountable because he is a cop.
Seems like it should be possible to argue on appeal that the 3rd-party doctrine doesn’t apply because the appellant didn’t release the information to a third party. It was only released to the third party by the officer, and the police should have a harder time arguing that they had the right to release the appellant’s private information to a third party without appellant’s consent than that they merely had probable cause to search the phone.
You missed a telling point here. What they have just said, is that the officer could call ANY number from the phone, and get identifying information from ANYONE.
Just as a for instance, they could call the last number dialed, and get the person answering to say anything, potentially implicating the owner – or the callee – in a crime.
Am IMSI catcher scans a private area for a pinging-back phone
Whereas calling 911 listens for the number-ping of a phone-in-hand.
In the first case, it’s a region being searched for a phone, and the question is if the police have grounds to search the territory.
In the second case it’s a phone being searched for info.
The phone is not giving much info, and this may be a contents of your pockets kind of matter, but it is a search of the phone.
The question in all these cases should not be whether or not it counts as a technical search, but whether an officer should be allowed to do this without a warrant.
Frankly it sucks for the guy skipping out on his fare that he forgot his phone. That smacks of stupid crime.
CFAA?
The cop used the phone without authorization from the own or a warrant. Wouldn’t that be a CFAA violation?
Re: CFAA?
ownER. Durrr.
Re: Re: CFAA violation
If a common civilian creating it, then yes.
But police officers have magical immunity in the form of Prosecutorial Discretion. Essentially the DA chooses who to take to court or not on crimes.
So it’s better to be chummy with the DA than it is to obey the law.
The ruling seems perfectly reasonable.
The police used the phone to do something it can do without password and without otherwise unlocking it. No debate here, all phones can make an emergency call. That information is “free”.
After that, getting the information from the carrier is a no brainer as well. The phone company has that information and they are generally more than willing to share it.
So there really isn’t much here, except perhaps a cop who is a little smarter than most taking advantage of technology to bring a criminal to justice.
Apparently, Techdirt hates it when criminals get arrested!
Re: Re:
Whined they guy who claimed that criminals would bring babies as shields if they didn’t regularly get flashbanged.
Non-content information?
Since when is a SIM card or its smartphone equivalent not content? Without that content, there would have been no point in calling 911 in the first place.
Anyway, obviously this isn’t the whole story because the only reason to call 911 instead of some officer’s mobile is because the phone has caller id suppression switched on (which does not work on 911). So obviously the phone owner took some care in not providing this information to arbitrary third parties.
Re: Non-content information?
It’s not content unless the data structures are copyrighted by a corporation and a consumer modifies them on their own device. Then it’s totes content.
Re: Non-content information?
No, the reason he called 911 is probably because the phone was locked – and the only thing you can do with a locked phone besides unlock it, is make an emergency call to 911 (mandated by law).
Re: Re: Non-content information?
Then the same law should put in explicit penalties for misusing the emergency call feature to conduct searches without a warrant.
Mandatory emergency features only work by consent of the affected parties. When they become a viable tool for circumventing the law, people have a legitimate reason not to want them. Like unencrypted communication.
No sympathy
I’ve got no sympathy on this one. He left his phone behind it wasn’t taken from him by the police.
It is really no different from the case of J Ealey who left his dog at the scene of the crime – all the police had to do was say “home boy!”
Re: No sympathy
So? Get a warrant before searching a phone. That’s not a high hurdle. It’s not a matter of sympathy but concerns all of our constitutional rights.
If the police can ignore the law whenever a suspect does not merit sympathy, we don’t need a Bill of Rights to start with. And of course, they will be called out mostly when illegal searches actually do find something bad. Because otherwise you won’t even get to know about most searches. So that’s the only opportunity to bring police back into respecting the law.
Re: No sympathy
Guilty people get equal protection under the law, that’s how we find out they’re guilty to begin with. Tossing all the law-abiding citizens under the bus with a terrible precedent to ‘get’ one scofflaw who sure as sh*t looks guilty is wholly unacceptable.
Re: Re: No sympathy
If it weren’t for the scofflaw’s squeals, we wouldn’t even know about all the law-abiding citizens thrown under the same bus.
Re: No sympathy
It’s not a question of having sympathy for the guy. I don’t have any, anyhow.
It’s a question of protecting us all from law enforcement abuses.
Re: Re: No sympathy
Perhaps the phrase “no sympathy” was a bit misleading – my real point was that in this case the phone was a piece of evidence left at the crime scene and the point of the search was to find the owner, so the situation is a little different from when the police stop someone and want to search his phone.
Do you think the police should have needed a warrant to say “home boy” to the dog?
Re: Re: Re: No sympathy
If the ruling had been something that would be limited to this case, you would have a point. As it is, however, the stated reasoning used in this ruling seems as if it would inevitably also apply to many other cases – ones where the reasons it’s not a significant problem here don’t apply.
I think what’s being bemoaned here is the precedent, not the outcome in this specific case.
Re: No sympathy
Easy come. Easy go. Little high. Little low.
(I resisted as long as I could.)
Well, you are searching for the owner…
‘no reasonable expectation of privacy’ is slowly becoming some kind of catch-all for allowing… everything. Any place outside your home.. any place inside your home where a camera or microphone can reach, including the ones in any device (smart-tv and such) that is in your house… any crevice your physician has been…
Winston Smith at least had this one corner in his house that the cameras couldn’t reach. But that might be described as a hack… a DMCA violation.
Re: Re:
no expectation of constitutional rights being honoured by the government.
Almost feels like a cold war between the US government and the US citizenry.
There are no laws anymore just frontier justice with a gun. Bonus points if you can figure out who the criminals are since a lot of them seem to be dressing up as cops.
Re: Re:
Andor Government employeesPoliticians.
Re: Re:
THERE’S the problem. People who believe in the cowboy way of doing things will do a cowboy job: shoot ’em up and sod off, leaving the rest of us to clean up the mess.
Upholding the rule of law needs to start with the enforcers of the law, which means they need to stop “enforcing their own brand of justice,” or whatever.
So where is the privacy switch in my phone? Wait, there is none by design, so I cannot prevent these searches. Once there is a switch, and I decide to keep info available then we can talk about expectation of privacy. Note, that private info is entirely irrelevant for the phone to operate and was inserted by manufacturers at gov,s request.
Re: Re:
In fairness, it is entirely possible to prevent these sorts of searches (on Android phones, anyway. I don’t know about iPhones). It does take extra knowledge and effort, though.
In this case, you can replace the lock screen with any of a number of alternatives, some of which allow you to remove the ability to make even 911 calls if the phone is locked.