ADVERTISEMENT
Editor’s Note (06/22/18): Scientific American is re-posting the
following article, originally published November 28, 2017, in
light of the U.S. Supreme Court’s ruling that law enforcement
must first seek a warrant before obtaining historical cell phone
location records from phone companies.
A case before the U.S. Supreme Court on Wednesday will tell
a lot about how well the country’s privacy laws can protect
people in the digital age. Carpenter v. United States
specifically pits the privacy of information that wireless
devices share with their service providers—the towers or “cell
sites” devices connect to, the phone numbers they call and
answer, and the time and length of those calls—against law
enforcement’s authority to retrieve that data without a warrant.
Some background is helpful before diving into the case’s
implications. In April 2011 the FBI in Detroit nabbed four
suspects connected to a string of armed robberies at Radio
Shack and (somewhat ironically) T-Mobile stores in Ohio and
Michigan. One of the suspects later confessed and voluntarily
turned over his cell phone so agents could review his calls.
The FBI wanted more information about whom the suspect
had been speaking to on his phone around the time the crimes
were committed—but the bureau was unable to establish the
probable cause it needed to get a search warrant for the info
from his and his contacts’ wireless carriers.
However, federal magistrate judges determined the FBI had
presented “reasonable” evidence that those records would be
useful in its investigation, and they issued court orders under
the 1986 Stored Communications Act (SCA) to compel the
carriers to give the FBI that information. The main difference
between a search warrant and the court orders used in
Carpenter is that a warrant requires a higher threshold of proof
that a government search will result in evidence related to a
crime. The courts have decided that the government’s
collection of cell-site records—created and maintained by
defendants’ wireless carriers—is not a “search” under the
Fourth Amendment, which protects the content of messages
but not the metadata associated with their creation,
movement and storage.
Without a warrant—but with the SCA court order in hand—the
FBI compelled wireless carrier MetroPCS to provide about four
months of location records for a smartphone owned by
suspect Timothy Ivory Carpenter. The data identified the cell
towers that handled calls to and from Carpenter’s phone. The
FBI used that information to map 12,898 location points and
determine the phone’s approximate location during the armed
robberies—and found Carpenter had used his phone within a
kilometer or so of several scenes at the time of the crimes,
according to court records (pdf ).

RIGHT TO PRIVACY?

To get a signal so it can make or receive a call, a cell phone
establishes a radio connection with a nearby tower called a
cell site. As the user moves, the device constantly scans for
nearby towers for the strongest signal. That interaction
between cell sites and phones lets wireless carriers log and
store details including a call’s date, time and length. Carriers
also track the numbers involved, and the cell sites where a
call began and ended. Prosecutors used information about
Carpenter’s phone location and activity to help convict and
sentence him to more than 116 years in federal prison , mostly
over several gun violations.
Carpenter’s defense attorney Harold Gurewitz tried to get the
lower courts to exclude information obtained from MetroPCS,
arguing that the cell phone records could be seized only with a
warrant supported by probable cause. Carpenter’s information
was instead obtained in violation of the Fourth Amendment—
which, among other things, protects people in the U.S. against
“unreasonable searches and seizures”—Gurewitz said last
week at a press briefing ahead of the Supreme Court hearing.
Carpenter v. United States is about “location tracking made
possible by the devices we all carry with us,” American Civil
Liberties Union (ACLU) attorney Nathan Wessler said at the
press briefing. Wessler, who will represent Carpenter before
the Supreme Court this week, added that one of his concerns
is the government’s apparent message that there is little
reasonable expectation of privacy when a person signs up for
mobile phone service. As people continue to use their devices
to send and store more sensitive data—about their finances
and health records, for example—the courts must make sure
law enforcement is held to the probable cause standard
required to obtain a warrant, Wessler said.

POSSIBLE OUTCOMES

If the Supreme Court agrees with the lower courts’ rulings, it
could encourage law enforcement to rely increasingly on
warrantless court orders to access mobile data stored by
wireless carriers. If the Supreme Court reverses the lower
courts’ decisions and says a court-issued warrant is required
for any customer cell phone information to be handed out,
“then a very common practice will come to a screeching halt,”
says Fred Cate , distinguished professor of law at Indiana
University. This means there likely would be petitions to revisit
criminal cases that were decided based on cell phone data
obtained using the SCA, Cate warns, adding that the case “will
send a shock wave” regardless of how the Supreme Court
decides.
In a society saturated with cell phones “this case will likely
have broad implications,” agrees Brian Owsley , a University of
North Texas Dallas College of Law assistant professor and
former U.S. magistrate judge. A recent Supreme Court case—
United States v. Jones —determined that law enforcement
needed a search warrant to use a tracking device. In another
related case— Riley v. California —the court determined that
officers needed a search warrant to examine the contents of a
cell phone. Affirming Carpenter, however, would enable law
enforcement to obtain a vast amount of data and personal
information from people’s cell phones without a warrant,
Owsley adds.
It is difficult to know whether the Supreme Court’s decision in
the Carpenter case will be applied to forms of customer data
outside of mobile phones, Cate says. He thinks the only way
the court will address the notion that customers are voluntarily
surrendering control of their data to tech companies and
wireless carriers—known as the “third-party doctrine”—is if
they choose to specifically tackle that broader issue. Courts
have interpreted the third-party doctrine to mean that, by
sharing information or records with a company or some other
organization, a person gives up any reasonable expectation
that the information will remain private. More likely, Cate adds,
the court will limit its discussion and decision specifically to
stored data, because that is what is most relevant to the
Carpenter case.