United States: "Oh, The Places You'll Go:" Mobile Geolocation Data And The 4th Amendment

Co-authored by Mary Griffin*

Early this month, the U.S. Supreme Court added Carpenter v. United States to the roster for consideration in the upcoming October term. Carpenter will mark the Court's first chance to address an important, as-yet unresolved question in the digital age: Does the Fourth Amendment require a warrant for law enforcement officials to obtain cell site location information, or CSLI, which reveal the location and movements of a cell phone user?

The case will address the tension between the Fourth Amendment and the Stored Communications Act, which Congress enacted as Title II of the Electronic Communications Privacy Act of 1986. The SCA specifies procedures that law enforcement may use to obtain certain records from third-party "electronic communication services" or "remote computing services." But it does not require a warrant. Since its enactment, third-party service providers have routinely cooperated with law enforcement requests to disclose—subject to certain statutory requirements—customer data. And notably the petitioner here does not attack the constitutionality of the SCA. Rather, Carpenter asks whether companies should require a warrant, supported by particularized findings of probable cause, before disclosing CSLI. This question has caused considerable doubt among service providers, which must balance responding to law enforcement demands for information with the privacy interests of their customers, and which also require a clear roadmap about what the appropriate procedures are.

The uncertainty among service providers responding to requests for customer information under the SCA is exacerbated by the existence of a significant circuit split concerning whether the Fourth Amendment applies to CSLI. There have been no fewer than 18 separate majority, concurring and dissenting opinions across five circuit courts on the issue, and courts have fractured over whether there is any "reasonable expectation of privacy" in CSLI and other customer data. Carpenter implicates three different strains of Fourth Amendment jurisprudence: (1) the third party disclosure doctrine, (2) the physical trespass doctrine, and (3) the distinction between content and non-content information. The case will have the Court decide whether these doctrines, which first arose in the pre-digital world, still have continuing vitality today. And it will allow the Court to consider whether the accumulation of data by third-party service providers—now commonplace—gives rise to any new privacy interests under the Fourth Amendment.

Background

In connection with the investigation of a series of armed robberies, federal prosecutors moved under the SCA for court orders requiring two cellular service providers to disclose 187 days of phone records, including CSLI, for petitioner Timothy Carpenter. Based on the CSLI, the government charged Carpenter with aiding and abetting robbery. Carpenter moved to suppress the evidence, but the district court rejected Carpenter's argument and held that the government's collection was not a Fourth Amendment "search." On appeal, the Sixth Circuit affirmed, holding (1) that the records did not disclose the contentof communications and thus were not entitled any Fourth Amendment protection; (2) that the disclosure of the records to third-party cellular providers defeated any "reasonable expectation of privacy" under the seminal case Katz v. United States, 389 U.S. 347 (1967); and (3) that the physical trespass doctrine—which the Supreme Court had revived in its recent Riley v. California, 134 S. Ct. 2473 (2014), and United States v. Jones, 565 U.S. 400 (2012), decisions—did not apply.

Concurring in the outcome on alternative grounds, one member on the panel, Judge Jane Branstetter Stranch, wrote separately to air her concerns about the Fourth Amendment tests that courts have applied in "this rapidly changing area of technology," especially in light of "the sheer quantity of sensitive information procured without a warrant."

The Old Ways Just Don't Work

Carpenter demonstrates the difficulty of applying the canonical tests under existing Fourth Amendment jurisprudence to the modern day. For example, there is the third party disclosure doctrine, which grows out of Katz's "reasonable expectation of privacy" test. For someone to have a reasonable expectation of privacy in a piece of information, (1) that person must subjectively exhibit an expectation of privacy and (2) that expectation must be objectively reasonable. The core concept is that people have no reasonable expectation of privacy in any information they disclose to third parties, because they already subjectively surrendered any such expectation with the fact of disclosure. Where the doctrine applies, you cannot even get past the first step of the Katz framework, and Katz has remained black letter law on the books for half a century now. But in the digital age, where persons passively disclose so much information about themselves (and their whereabouts) to third parties at all times, what reasonable expectation of privacy could possibly be left?

Or take the related distinction that the Fourth Amendment marks between content information and non-content information, such as addressing. The idea here is that a person has no reasonable expectation of privacy in non-content information, because that is frequently disclosed, either to third-party service provider or to the public more broadly. Consider, for instance, a package sent through the mail: its contents are unknown and thus the sender has a reasonable expectation of privacy in that. But all other information about the package—the return and target address, the amount of postage on it, its size, shape, and weight—is ascertainable by any mail carrier or member of the public that comes into contact with it. And so there is no reasonable expectation of privacy in that kind of information. On balance, CSLI appears closer to what courts have traditionally considered addressing or other non-content information: it does not tell you what a person said or did, it just shows you where a person was.

Finally, there is the trespass theory of the Fourth Amendment, which the Supreme Court resurrected in its recent cases dealing with technology. In Jones, the Court held that the unauthorized placement of a GPS tracker on a car for long-term surveillance triggered Fourth Amendment protections. Similarly, in Riley, the Court held that law enforcement needed a warrant to search a mobile phone. But this trespass notion does not appear to have any place in Carpenter either. Police did not track Carpenter, or break into his cell phone; they merely asked for records from a third party who kept them.

None of these doctrines apply cleanly. Still, given the accumulation of information, there is still some visceral notion that the Fourth Amendment should apply here. The only question is how?

How May Carpenter Resolve This Tension?

While the petitioner here did not request a full rejection of the third party disclosure doctrine, the Court may cull back on the third party disclosure doctrine. Chief Justice Roberts's majority opinion in Riley suggested that persons still have some reasonable expectation of privacy in sensitive information collected over mobile phones and stored by service providers. Similarly, Justice Sotomayor's concurrence in Jones warned against a strict application of the third party doctrine: "I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose, is for that reason alone, disentitled to Fourth Amendment protection." In both cases, the Court signaled that stringent adherence to Katz may stop making sense as technology evolves. But those cases both side-stepped the issue by instead turning to the doctrine of physical trespass, and that doctrine cannot sensibly apply to the facts of Carpenter.

It is also possible that the Court might create a new strain of jurisprudence based on the quantity of records requested. Such an approach would likely introduce certain issues of line-drawing, for instance, if a warrant is required for long-term tracking, while the SCA is sufficient for short-term. But, as Justice Samuel Anthony Alito's concurrence in Jones and Judge Stranch's concurrence in the Carpenter case point out, that might be appropriate. After all, in the modern era, it is not the disclosure of individual, isolated data points that seem problematic, but rather the accumulation of that data over time.

Which test will the Court apply? Service providers, and their customers, will have to wait until this October term to find out.

* Mary Griffin is a summer associate in Fenwick's litigation group.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.