Fifth Circuit Court Of Appeals Upholds Decision That Warrantless Cell Phone Tracking Doesn't Violate Fourth Amendment

from the sadly,-another-one-for-the-'unsurprising'-column dept

The ongoing court battle over warrantless cell phone location tracking continues and the latest decision is another setback for the Fourth Amendment. The Fifth Circuit Court of Appeals held that individuals have no reasonable expectation of privacy over their location data. The decision states that location data is a "business record" created by private companies with the implicit consent of cell phone users and therefore are not subject to privacy protections.

[C]ell site information is clearly a business record. The cell service provider collects and stores historical cell site data for its own business purposes . . . the government merely comes in after the fact and asks a provider to turn over records the provider has already created.
The rationale is that cell phone companies are not required by the government to create or retain this data and that citizens are not required by the government to carry or use cell phones, thus making this data subject to the Third Party Doctrine and removing any expectation of privacy.

This rationalization goes counter to the recent NJ Supreme Court decision (unrelated other than in subject matter), which found that location data should be subject to privacy protections for nearly the same reason. Although cell phones aren't in any way "mandatory," the court stated that no one uses a cell phone with the intent of creating a location-specific metadata trail for law enforcement to scoop up without a warrant.

The decision to declare cell phone location data "business records" also plays into the hands of intelligence agencies like the NSA and FBI, allowing them to harvest vast amounts of data on Americans without running the risk of violating their constitutional rights (at least, not according to these interpretations). The court also added that there is some form of recourse for citizens worried about their rights being violated -- but both suggestions are a dead end.
"But the recourse for these desires is in the market or the political process: in demanding that service providers do away with such records (or anonymize them) or in lobbying elected representatives to enact statutory protections."
As the ACLU points out, neither of these "remedies" are likely to result in additional privacy protections.
Regarding the first point, perhaps the court is unaware how opposed the cell phone companies are to even disclosing how long they keep subscriber data. It took a nation-wide public records act request campaign before we received a Justice Department information sheet on how long carriers keep such records. (According to the 2010 document, Verizon keeps historical cell phone records for "1 rolling year" while Sprint keeps them for "18-24 months.") There is no cell phone company that doesn't retain historical cell site location data, or even one that keeps it only for a short time. And anyway, our Fourth Amendment rights should not depend on the largesse of for-profit corporations.
As for pressing for Congressional change, the ACLU has been doing just that for years. (The federal statute the government uses to obtain cell phone location records was written way back in 1986 and hasn't been meaningfully updated since.) But the mere fact that some other branch of government could provide a remedy is no reason for courts to take a pass on protecting Americans' privacy.
Expecting corporations to protect your privacy is, for the most part, a non-starter, especially if these corporations can monetize the data in any way. Furthermore, how many people actually believe the government would allow cell phone providers to simply scrap the data (or anonymize it) once it's served it purpose (monthly billing, for instance), rather than retain it for months on end? Intelligence agencies and law enforcement would simply push for legislation and court orders to ensure this flow of data continues uninterrupted.

In a 25-page dissent, Judge James Dennis pokes holes in the majority's "business records" rationalization, quoting Justice Sotomayor's reservations about the majority's opinion in US vs. Jones:
[In future cases] considering the existence of a reasonable societal expectation of privacy in the sum of one’s public movements[,] . . . it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medications they purchase to online retailers. . . . I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.
By allowing law enforcement to access "business records" without a warrant, the Court opens up the possibility that these agencies will find a person's internet history, email and contact lists to be similarly devoid of Fourth Amendment protections. Saying one thing is a business record and one thing isn't only further obscures an aspect that needs clear delineation, one that would preferably draw the line before location data rather than attempt to determine which "parts" of a person's cell phone are subject to privacy protections.

We also have to ask why there's such an aversion to obtaining a warrant. In many cases, the information needed is historical. In other cases, when something more current or time-sensitive might be needed, there are emergency orders and other legal remedies (once in the courtroom) to allow some warrantless data collection to be admitted as evidence. The more these battles drag on, the more it appears that these agencies are benefiting from multiple interpretations of outdated laws, a benefit they'd clearly prefer to keep intact. This creates a path of least resistance, which becomes especially problematic when combined with the agencies' natural tendency to collect as much data as possible, "just in case."

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, business records, expectation of privacy, fifth circuit, gps, location tracking, phone tracking, privacy, third party doctrine

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. icon
    Nicholas Batik (profile), 31 Jul 2013 @ 8:39pm

    There is an implied contract with both public and private data

    The courts have already established that there are numerous venues within which you have no expectation of privacy. What is missing in this discussion is the implied contract that is associated with your public data, specifically that your public data is casual, random, limited, and segregated.

    It may be easiest to illustrate those with example:

    It is understood that if you venture into public you will be observed. No one expects privacy in that setting. You may encounter the same people in the same places, at the same times, or randomly at different times and venues, but you would become suspicious if you encountered the same person everywhere you went. You would probably suspect stalking.

    If that person recorded which lights turned on in the windows of your house, the order they turned on and their duration, when you opened and closed window shades, the time you entered and exited your house, where you went, what you bought, who you met, and so on, you would necessarily be worried. All that information is public, but it has crossed a threshold of limited, casual and random.

    It is understood that this behavior implies nefarious intent. Even if that person is a law enforcement officer, we have historically required reasonable suspicion of behavior, or a court order authorizing their collection of your public data on such a scale.

    If a store owner tracks your purchases to provide better service and try to better meet your needs, that is laudable. If he starts following you around the shopping mall to see what else you buy, that rapidly degrades into creepy behavior.

    We expect that grocery stores will track our grocery habits, the phone company will monitor our calling patterns, the credit card company will analyze typical and non-typical purchases to prevent fraud. Although all this data is ostensibly public, implied in this understanding is the segregation of that data. If the phone company started acquiring our grocery records, we would demand to know why, and act to put a stop to it.

    In order for the government to carry out its appointed tasks, it must obtain from its citizens specific personal data, that if disclosed, could result in loss of harm to that citizen. We entrust this information with the understanding that those in authority will take all necessary safeguards to protect it from disclosure or unauthorized use.

    When that same authority accumulates all our public data, from all of the available sources, combines that the private data of our financial and tax records, medical records, licenses, legal filings, driving records, political and religions affiliations, and all other disclosures, then it has far exceeded the authority issued by its citizenry.

    That it should then use this unprecedented store of information to identify and target individuals for propaganda and behavioral modification, as well as provide policing agencies the ability to observe and analyze the totality of every citizen's life for any and all activities that may be used to incriminate those individuals, for the entire duration of their lives, then it has crossed the boundaries of implied consent of both the public and private stores of data, and has ventured into realm of treason against its people.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.