Supreme Court Must Protect Location Data

The Supreme Court has the chance to fix the discrepancy in privacy laws that means police don't need a warrant to access your phone's location data. It must take it, as the alternative is unthinkable.

SOCTUS 4th Amendment Protections for Locations Data
Paul Newham
By Paul Newham

[August 17 Update: Verizon has joined the growing chorus from the tech sector in support of bringing Fourth Amendment privacy protections up to date. More details at the end of the article]

Pop quiz: did you know that US authorities can use your cell phone records to track your precise movements for the past six months or more?

How about that, at intervals of 15 minutes or less, that data can pinpoint where you are to within half a mile, building up a detailed picture of where you work, where you shop, when you use public transport, where you go to unwind and even where you sleep?

Or that the authorities don’t even need to go before a judge to get a warrant before they access any of this information? That they can go straight to your cell phone carrier and demand they hand it over?

Scary, huh?

Later this year, the Supreme Court of the United States (SCOTUS) will have a chance to put this right. For the first time, it will rule on a case centering on the free access police and federal authorities have to your phone’s location data.

It will be asked to decide if this data should be given the same Fourth Amendment privacy protections as the contents of your home, the personal effects you carry, and the contents of your private communications, digital or otherwise.

In the interests of personal privacy and freedom, it must rule in favor. Here’s why.

Big Brother in your pocket

As things stand, if investigators want to view the messages you send on your cell phone, they need a warrant. If they want to get your location data from your cell carrier, they don’t need a warrant. From a privacy perspective, this makes no sense.

Location data can be used to build up a very in-depth picture of your movements, and give away sensitive details about your private life and personal relationships. A Supreme Court judge ruled as much back in 2012.

Summarizing why warrants should be required before authorities planted GPS tracking devices on suspects, Judge Sotomayor argued that location data could reveal a “precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”

Your smartphone generates a comprehensive record of your movements that reveals sensitive details about your private life and relationships

But it isn’t just GPS tracking devices which gather this kind of sensitive data about our movements. Whenever your phone sends or receives a message, or connects to 3G or 4G data, it connects to a phone mast. Data about the location of each mast and the time of connection is recorded by your carrier and stored, potentially for years.

In 2010, German politician and privacy campaigner Malte Spitz decided to expose just what information authorities could gather from phone signal tracking. He sued his carrier to hand over the data it held on him, and published it.

It amounted to almost 36,000 pieces of information, tracking his movements in great detail over six months. It showed which streets he had walked down, which shops he favored, even which bars he had sat in.

Authorities have used this loophole to track citizens’ movements for years. The Supreme Court now has the opportunity to draw a line in the sand and ensure location data is properly covered by US privacy laws.

United States vs Carpenter

The case set to be heard by SCOTUS judges is an appeal against the conviction of Timothy Carpenter for a spate of armed robberies in Detroit. Investigators built up their case against him using location data from his phone, which put him within half a mile and two miles of the scene of each robbery.

The American Civil Liberties Union (ACLU), which is acting as co-counsel for Carpenter, says that police were able to gather almost 13,000 individual pieces of data about Carpenter’s movements over 127 days.

This hugely detailed and invasive gathering of information about his movements was carried out without investigators ever having to establish probable cause, a cornerstone of the Fourth Amendment.

So, where was the Fourth?

The Fourth Amendment upholds “the right of the people to be secure in their persons, houses, papers, and effects,” protecting people and property from arbitrary and unjustified snooping from the authorities. In practice, a key part of this is the requirement for authorities to establish probable cause before they carry out invasive investigations.

In other words, they have to convince a judge of the likelihood that the evidence they uncover will prove wrongdoing before they go prying into people’s private lives.

It is on these grounds that the ACLU argues that the unregulated mass collection of location data by authorities, which takes place tens of thousands of times every year, should be ruled unconstitutional.

There is a huge discrepancy in privacy regulations caused by advancing technology that’s being intrusively exploited by law enforcement

However, US Appeals Courts have consistently failed to address the glaring discrepancy in privacy regulations. A number of similar cases have been thrown out on the basis of the so-called ‘Third Party Doctrine’. This idea dates back to two SCOTUS rulings from 1970. The principle established was that if you voluntarily share data with a third party, you cannot expect them to protect its privacy on your behalf, so the Fourth no longer applies.

Government attorneys have also used the 30-year-old Stored Communications Act to defend mass surveillance via tracking data. This Act states that authorities do not need to establish probable cause to access phone records.

Time to put it right

Communications technology in 2017 is very different to what it was in 1970 or in 1986. It is to say the very least a stretch to suggest that cell phone users ‘voluntarily’ share location information with their carrier when they use their device, a key requirement of the Third Party Doctrine. Connecting to a mast is a necessity for your cell service to work. No one volunteers to have data about each connection recorded, but carriers do it anyway.

When the Stored Communications Act was passed, phone records contained only a fraction of the information captured by today’s digital devices. At most you would get a list of numbers and the times they were called. That is very different to building up an in-depth picture of someone’s movements over several months from tens of thousands of connection records.

Technology advances are accelerating and the potential for abuse increasing: it’s time to act.

The Electronic Frontier Foundation (EFF) points out that the level of detail contained in these records is increasing exponentially. As more cell masts are erected, the modes of communication multiply and the technology becomes ever more sophisticated, data captured about our movements will paint increasingly detailed pictures.

The potential for authorities to abuse this kind of information is chilling. There have already been examples of authorities in other countries using cell mast data to identify people at public demonstrations and protests. What if you happened to be in the wrong place, at the wrong time, and found yourself falsely accused of a crime based on where your cell phone said you were?

It is time for the Supreme Court to act. Location data can no longer be considered of little consequence to privacy, and must be brought under the protection of the Fourth Amendment completely.

[August 17 Update: In a surprise move, wireless service provider Verizon is among fourteen of the biggest tech companies, including Google and Apple, in filing a brief to the Supreme Court supporting a ruling in favor. Verizon stands out in that actually holds the kind of data that is the subject of the ruling]