Wednesday , 21 November 2018
Breaking News

Is Warrantless Access To Cell Site Info A Fourth Amendment Violation? A Primer On Carpenter v. US – Forbes

Carpenter v. United States has its origins in a string of armed robberies in Michigan and Ohio that occurred over a period of several months in late 2010 and early 2011. As part of the resulting criminal investigation, the government requested and received a court order to obtain what is often called “cell site location information” (CSLI) for the mobile phone owned by Carpenter, who was one of the suspects in the investigation. The CSLI information, which placed Carpenter’s phone at a location within several miles of the crime scenes, was presented along with video evidence and eyewitness testimony at a federal district court trial in which Carpenter was convicted. After the Sixth Circuit upheld the conviction, Carpenter appealed to the Supreme Court, arguing that the government’s warrantless acquisition of CSLI violated his Fourth Amendment rights.

The Carpenter case presents a set of interlocking issues at the intersection of technology and law. On the technology side, there is not only the question of what CSLI conveys and how that impacts privacy, but, by extension, the broader question of the enormous amount of data generated by our use of mobile phones, apps, and other digital devices and services. On the legal side, Carpenter involves the application of the Supreme Court’s 1970s-era third-party doctrine and a 1980s statute called the Stored Communications Act to twenty-first century devices in relation to privacy protections arising from a late eighteenth-century constitutional amendment. So, it’s a complex mix.

First, a primer on some of the technical issues: Mobile phones connect to the mobile network via what the CSLI acronym refers to as “cell sites” but that, in mobile network parlance are often called “base stations.” When you speak on a mobile phone, your voice is converted into digital form and then transmitted using radio signals to a nearby base station, which in turn routes it further along the path to a destination such as the mobile phone of the person you are speaking to.

In order to provide service, a mobile network operator sets up a network of base stations with the goal of ensuring that a mobile phone is always reasonably close to at least one base station. This is why you are able to have an uninterrupted mobile phone conversation even if you are in a car that is driving along a highway. As you move along the highway, your phone moves in and out of range of different base stations. During the conversation, the network works behind the scenes to conduct a series of “handoffs” that ensure your phone is always connected to a base station. Sometimes people refer to base stations as “cell towers” but that’s only a partially accurate description, since while some base stations are indeed mounted on large towers along freeways or atop large buildings, there are plenty of base stations that aren’t associated with towers at all, and are instead simply a collection of boxes and antennas mounted, for example, on telephone poles, and that serve a smaller area than tower-mounted base stations.

These details are important because CSLI refers to the list of the base stations that a mobile phone connects to. In a part of the network where the base stations are relatively far apart, CSLI provides only a very approximate estimate of the actual location of the phone. For example, it might be possible to know that the phone is within a mile or two of a particular base station, but that wouldn’t be enough to place the phone in a particular building, on a particular street, or even in a particular neighborhood. On the other hand, if the mobile phone happens to be connected to a base station that serves a much smaller area, that would provide correspondingly more accurate location information, though still typically not to the precision of a specific building or a particular street. (That said, when signals measured by multiple base stations are considered at the same time, it’s possible to use triangulation to get much more accurate location information than with a single base station alone. However, that technique is not at issue in Carpenter.)

Given these ambiguities, with respect to evidence in criminal investigations CSLI is often far more useful as an exculpatory mechanism than as a mechanism to establish guilt. After all, CSLI can help show that a suspect was dozens or hundreds of miles away from a crime scene. But it can’t generally establish that a suspect was actually at a crime scene. Even in the case where the suspect was actually in the building of interest when a crime occurred, CSLI can at best help show that the suspect, as well as perhaps thousands of other people, was within a few miles, or a half a mile, or a few hundred yards (the precision depends on the size of the area served by the base station in question) of the crime scene.

Although CSLI isn’t usually particularly specific, its warrantless access by the government raises legitimate privacy concerns. The issue is multifold. First, it’s reasonable to question whether a 1970s legal framework under which even the not-very-precise CSLI mobile phone tracking information collected by mobile phone operators is available to the government without a warrant remains, given today’s technology landscape, the correct legal framework. Second, what will occur as cell networks continue the trend towards smaller cells, which will make CSLI increasingly accurate? And there’s a third, more general question: If the Supreme Court rules that the warrantless acquisition of not-very-precise CSLI location information held by private companies raises no Fourth Amendment issues, what does that mean for the much more precise information collected and stored by companies that supply GPS-based apps?

And this brings us to the legal issues. In a pair of rulings in the 1970s, the Supreme Court articulated the “third-party doctrine.” As I explained in an Atlanticarticle a few years ago, “under that doctrine, if you voluntarily provide information to a third party, the Fourth Amendment does not preclude the government from accessing it without a warrant. More succinctly, as the Court wrote in [the 1979 Smith v. Maryland decision], you have ‘no legitimate expectation of privacy’ from warrantless government access to that information.” The applicability of the third-party doctrine in the digital era has been a long running subject of debate in the legal community, and there are extremely sharp legal thinkers on both sides of this issue. For a good overview of some of the differing perspectives, it’s worth reading this debate between GWU law professor Orin Kerr and Greg Nojeim, senior counsel at the Center for Democracy & Technology.

Yet another central aspect of the Carpenter case is statutory: The government obtained CSLI information under the Stored Communications Act, a 1986 statute providing that a “governmental entity may require a provider of electronic communication service or remote computing service to disclose” records using either a warrant, or, as occurred in the Carpenter case, using a court order issued “if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”

And that is the question facing the Supreme Court in Carpenter: Did the government’s use of a court order under the Stored Communications Act to obtain CSLI violate Carpenter’s Fourth Amendment rights? Or, put another way, to the extent that the SCA allows the government to obtain CSLI without a warrant, is the SCA unconstitutional?

It’s tempting to conclude that the Court should simply declare that the third-party doctrine is no longer appropriate given the enormous amount of information we now provide to third parties through the use of smartphones, wifi hotspots, apps, and cloud-based services. But it would be oversimplistic to ignore the complexities that would be raised by a complete abandonment of the third-party doctrine. If information voluntarily conveyed to third parties is protected by the Fourth Amendment, what are the boundaries of that privacy interest? For example, it seems reasonable that, in a relative sense, we might have less of a privacy interest in coarser location information (such as information only accurate to several miles) and more of an interest in precise information, such as the building-level location information collected by GPS-enabled apps. But where do you draw the line on how precise is too precise?

There is also a time component: Tracking information that spans a continuous period of weeks or months raises far more concerns than tracking information that spans only a few minutes. Again, this raises a line-drawing question: How long is too long? And, there’s also a human/machine question: How does the extent of privacy protection given to information conveyed to third parties depend on the nature of the third party? With respect to the Fourth Amendment, is information voluntarily conveyed to a person different from information conveyed to the cloud, and if so, why and how?

These are not merely theoretical questions. When the Court issues its Carpenter decision, courts, government investigators, prosecutors, defense attorneys, and defendants will be seeking clarity regarding the bounds of the Fourth Amendment in relation to digital devices and data. Like many people, I believe that the third-party doctrine is insufficiently protective given all of the technology changes that have occurred since the 1970s, and that will occur in the coming years. In my view, that’s a pretty easy conclusion to reach. But it’s far harder to figure out how to revise the third-party doctrine in a way that both provides clarity and avoids a cascade of unintended consequences.

 

“>

On November 29, 2017, the Supreme Court is scheduled to hear argument in one of the most important digital privacy cases in recent years. Carpenter v. United Stateshas its origins in a string of armed robberies in Michigan and Ohio that occurred over a period of several months in late 2010 and early 2011. As part of the resulting criminal investigation, the government requested and received a court order to obtain what is often called “cell site location information” (CSLI) for the mobile phone owned by Carpenter, who was one of the suspects in the investigation. The CSLI information, which placed Carpenter’s phone at a location within several miles of the crime scenes, was presented along with video evidence and eyewitness testimony at a federal district court trial in which Carpenter was convicted. After the Sixth Circuit upheld the conviction, Carpenter appealed to the Supreme Court, arguing that the government’s warrantless acquisition of CSLI violated his Fourth Amendment rights.

The Carpenter case presents a set of interlocking issues at the intersection of technology and law. On the technology side, there is not only the question of what CSLI conveys and how that impacts privacy, but, by extension, the broader question of the enormous amount of data generated by our use of mobile phones, apps, and other digital devices and services. On the legal side, Carpenter involves the application of the Supreme Court’s 1970s-era third-party doctrine and a 1980s statute called the Stored Communications Act to twenty-first century devices in relation to privacy protections arising from a late eighteenth-century constitutional amendment. So, it’s a complex mix.

First, a primer on some of the technical issues: Mobile phones connect to the mobile network via what the CSLI acronym refers to as “cell sites” but that, in mobile network parlance are often called “base stations.” When you speak on a mobile phone, your voice is converted into digital form and then transmitted using radio signals to a nearby base station, which in turn routes it further along the path to a destination such as the mobile phone of the person you are speaking to.

In order to provide service, a mobile network operator sets up a network of base stations with the goal of ensuring that a mobile phone is always reasonably close to at least one base station. This is why you are able to have an uninterrupted mobile phone conversation even if you are in a car that is driving along a highway. As you move along the highway, your phone moves in and out of range of different base stations. During the conversation, the network works behind the scenes to conduct a series of “handoffs” that ensure your phone is always connected to a base station. Sometimes people refer to base stations as “cell towers” but that’s only a partially accurate description, since while some base stations are indeed mounted on large towers along freeways or atop large buildings, there are plenty of base stations that aren’t associated with towers at all, and are instead simply a collection of boxes and antennas mounted, for example, on telephone poles, and that serve a smaller area than tower-mounted base stations.

These details are important because CSLI refers to the list of the base stations that a mobile phone connects to. In a part of the network where the base stations are relatively far apart, CSLI provides only a very approximate estimate of the actual location of the phone. For example, it might be possible to know that the phone is within a mile or two of a particular base station, but that wouldn’t be enough to place the phone in a particular building, on a particular street, or even in a particular neighborhood. On the other hand, if the mobile phone happens to be connected to a base station that serves a much smaller area, that would provide correspondingly more accurate location information, though still typically not to the precision of a specific building or a particular street. (That said, when signals measured by multiple base stations are considered at the same time, it’s possible to use triangulation to get much more accurate location information than with a single base station alone. However, that technique is not at issue in Carpenter.)

Given these ambiguities, with respect to evidence in criminal investigations CSLI is often far more useful as an exculpatory mechanism than as a mechanism to establish guilt. After all, CSLI can help show that a suspect was dozens or hundreds of miles away from a crime scene. But it can’t generally establish that a suspect was actually at a crime scene. Even in the case where the suspect was actually in the building of interest when a crime occurred, CSLI can at best help show that the suspect, as well as perhaps thousands of other people, was within a few miles, or a half a mile, or a few hundred yards (the precision depends on the size of the area served by the base station in question) of the crime scene.

Although CSLI isn’t usually particularly specific, its warrantless access by the government raises legitimate privacy concerns. The issue is multifold. First, it’s reasonable to question whether a 1970s legal framework under which even the not-very-precise CSLI mobile phone tracking information collected by mobile phone operators is available to the government without a warrant remains, given today’s technology landscape, the correct legal framework. Second, what will occur as cell networks continue the trend towards smaller cells, which will make CSLI increasingly accurate? And there’s a third, more general question: If the Supreme Court rules that the warrantless acquisition of not-very-precise CSLI location information held by private companies raises no Fourth Amendment issues, what does that mean for the much more precise information collected and stored by companies that supply GPS-based apps?

And this brings us to the legal issues. In a pair of rulings in the 1970s, the Supreme Court articulated the “third-party doctrine.” As I explained in an Atlanticarticle a few years ago, “under that doctrine, if you voluntarily provide information to a third party, the Fourth Amendment does not preclude the government from accessing it without a warrant. More succinctly, as the Court wrote in [the 1979 Smith v. Maryland decision], you have ‘no legitimate expectation of privacy’ from warrantless government access to that information.” The applicability of the third-party doctrine in the digital era has been a long running subject of debate in the legal community, and there are extremely sharp legal thinkers on both sides of this issue. For a good overview of some of the differing perspectives, it’s worth reading this debate between GWU law professor Orin Kerr and Greg Nojeim, senior counsel at the Center for Democracy & Technology.

Yet another central aspect of the Carpenter case is statutory: The government obtained CSLI information under the Stored Communications Act, a 1986 statute providing that a “governmental entity may require a provider of electronic communication service or remote computing service to disclose” records using either a warrant, or, as occurred in the Carpenter case, using a court order issued “if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”

And that is the question facing the Supreme Court in Carpenter: Did the government’s use of a court order under the Stored Communications Act to obtain CSLI violate Carpenter’s Fourth Amendment rights? Or, put another way, to the extent that the SCA allows the government to obtain CSLI without a warrant, is the SCA unconstitutional?

It’s tempting to conclude that the Court should simply declare that the third-party doctrine is no longer appropriate given the enormous amount of information we now provide to third parties through the use of smartphones, wifi hotspots, apps, and cloud-based services. But it would be oversimplistic to ignore the complexities that would be raised by a complete abandonment of the third-party doctrine. If information voluntarily conveyed to third parties is protected by the Fourth Amendment, what are the boundaries of that privacy interest? For example, it seems reasonable that, in a relative sense, we might have less of a privacy interest in coarser location information (such as information only accurate to several miles) and more of an interest in precise information, such as the building-level location information collected by GPS-enabled apps. But where do you draw the line on how precise is too precise?

There is also a time component: Tracking information that spans a continuous period of weeks or months raises far more concerns than tracking information that spans only a few minutes. Again, this raises a line-drawing question: How long is too long? And, there’s also a human/machine question: How does the extent of privacy protection given to information conveyed to third parties depend on the nature of the third party? With respect to the Fourth Amendment, is information voluntarily conveyed to a person different from information conveyed to the cloud, and if so, why and how?

These are not merely theoretical questions. When the Court issues its Carpenter decision, courts, government investigators, prosecutors, defense attorneys, and defendants will be seeking clarity regarding the bounds of the Fourth Amendment in relation to digital devices and data. Like many people, I believe that the third-party doctrine is insufficiently protective given all of the technology changes that have occurred since the 1970s, and that will occur in the coming years. In my view, that’s a pretty easy conclusion to reach. But it’s far harder to figure out how to revise the third-party doctrine in a way that both provides clarity and avoids a cascade of unintended consequences.

Let’s block ads! (Why?)


Source link

Share and Enjoy

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Email
Print