Court Asked Why There's No Expectation Of Privacy In Cell Location Data, But An Expectation Of Privacy In The Cellphone Itself
from the warrants-warranted dept
The government continues to argue that the Third Party Doctrine trumps the Fourth Amendment. Almost any "business record" created intentionally or inadvertently can be had by the government without a warrant. Even if the citizen in question has no ability to control what's collected by third parties (without forgoing the service entirely) or is completely unaware that it's happening, the government claims records of this type have no expectation of privacy.
The US v. Quartavarious Davis case is currently being re-heard by an en banc panel of the Eleventh Circuit Court. AT&T has uncharacteristically stepped into the breach and offered its opinion that -- as a service provider that generates plenty of business records (including cell location data, the focal point of this case) -- these records should be granted an expectation of privacy and a warrant requirement.
The government, relying mainly on cases dating back a minimum of 35 years, has argued the opposite. And in this particular case, it argued that the defendant should have known his phone's location was being tracked by his service provider. It went so far as to assert that the records don't belong to the people that generate them -- the customers who purchase the phones and pay for the service. According to the government, those records belong to the business collecting them and, to only a slightly lesser extent, the government via warrantless access.
The defense has entered its reply to the DOJ's brief [pdf link] and it takes specific exception to the government's portrayal of how cell site location information is created. Contrary to the DOJ's assertions, it's rarely, if ever, a conscious process. It's not even limited to the times when cellphone users actively engage with their devices to make phone calls or send messages.
Nothing in Smith or Miller requires that individuals must choose between participating in the new digital world through use of their mobile devices and retaining the Fourth Amendment’s protections. Nor does Miller or Smith address how individuals interact with one another and with different data and media using mobile devices in this digital age. Location-enabled services of all types provide a range of information to their users. At the same time, mobile applications, vehicle navigation systems, mobile devices, or wireless services for mobile devices often collect and use data in the background. A mobile application may send or receive an update in the background, triggering a location data point stored in the device or sent to the application provider or the mobile service provider.So, contrary to the DOJ's take, cell site location data often has little to do with actual phone calls. The government tries to portray this information as being no more private than call records, but nothing could be further from the truth. A cellphone doesn't even need to be in active use to generate location data.
And, even if it was limited to generating location data when calling, there's no active generation of location data happening here either.
When placing a call, a cell phone user affirmatively dials the digits of the phone number to be called, but does not affirmatively enter the device’s location coordinates. That location is nonetheless captured by the service provider.The defense then points to the Supreme Court's recent Riley decision (warrant requirement to search cellphones incident to arrest) and notes that this ruling implicates all sorts of records stored by third parties, none of which the government can access without a warrant.
Riley’s discussion of the privacy interest encompassed by data kept on a business’s server, not just data maintained on the device itself, demonstrates that the government cannot evade the warrant requirement based on a claim that CSLI is a business record. When a trusted agent—the cell phone company—obtains personal data as part of its provision of essential service, and is then required by law to maintain the data, such data does not fall within the third-party exception to privacy rights. Cell phone users retain a reasonable expectation of privacy in data housed on a business’s servers. Cell phone users do not necessarily know what data resides on the device and what data is stored in the cloud “and it generally makes no difference” to the privacy interest. Id. at 2491. Even if data is actually located on a business’s server, individuals retain a privacy interest; it is still the individual’s “effects” despite being stored remotely on a computer owned by a business.This intermingling of data, some knowingly created and a vast majority of it automated, should make demands for cell site location data subject to a search warrant requirement. At this point, it doesn't, but Davis' legal team makes a solid argument for why it should be.
The filing also takes a shot at the DOJ for attempting to edit a statement made by its own prosecutor during closing arguments -- a statement that undercuts its assertions about Davis' knowledge of the collection of location data.
3. Trial prosecutor’s closing argument that Davis did not know of tracking.Here are the relevant paragraphs from the DOJ's filing.
The government seeks to retract an evidentiary inference that it relied on to convict the defendant. No one likes to be hoisted by their own petard. But facts are stubborn things. And this case—unlike Madison—lacks, by the government’s own admission at trial, any case-based theory of waiver of privacy rights.
In order to establish a Fourth Amendment search in these circumstances, Davis had to show two things: first, that he exhibited, by his conduct, an actual expectation of privacy in MetroPCS’s business records; and second, that any such expectation was objectively reasonable. He did not make either showing.The defense takes issue with this portrayal as well.
No evidence supports the conclusion that Davis manifested an actual expectation of privacy in the records MetroPCS made to document the use of its own cell towers. Davis may not satisfy his burden of proof by adverting to statements made by the prosecutor in closing argument. Those statements were not evidence. Nor do they help his cause. It is one thing to say that Davis probably did not know his phone company was lawfully making and keeping certain routing-related records of transactions to which it was a party; it is another thing to say that he actually expected that such records could not be disclosed to others.
The record is devoid of any evidence that Davis, a teenager at the time who suffered from lifelong learning disabilities, knew anything about cell phone towers and how cell phones work, let alone that MetroPCS was recording his location whenever he made or received phone calls. Nor is it plausible to infer his understanding of cell phone company policies regarding location data, where the Chief Justice of the United States has acknowledged not reading privacy policies or terms of service. See Debra Cassens Weiss, Chief Justice Roberts Admits He Doesn’t Read the Computer Fine Print, A.B.A. Journal (Oct. 20, 2010). The government concedes that “the service contract and privacy policy governing Davis’s phone are not part of the record in this case.” Gov’t En Banc Answer Br. at 28 n.4.A vast majority of Americans never read privacy policies, much less have a complete understanding of just how many "business records" the government can access without a warrant. While there may be some vague awareness that law enforcement can obtain phone records, etc., generally the perception is that some paperwork (a warrant) is involved. The DOJ attempts to portray those it brings charges against fully aware of these details, even while government officials freely admit they don't understand technology, the internet or the fine print inherent in the use of any service. Certainly, ignorance is no excuse but it's also not an indicator of culpability. These records are created with or without the knowledge of cellphone customers and the government has taken advantage of the massive influx of generated information by utilizing laws and rulings three decades removed from the current reality.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, cellphone data, location data, privacy, quartavarious davis, third party doctrine
Reader Comments
Subscribe: RSS
View by: Time | Thread
Is that why there was such a shitstorm when people found out that Apple was tracking their location data? Because they all knew they were being tracked?
I get that Apple isn't their 'service provider' but I feel like the same thing applies.
"x should have known something that requires them knowing it in order to justify our argument that we should be allowed to abuse our power to do the thing."
Seems like bassackwards logic.
[ link to this | view in thread ]
It seems to me that ...
[ link to this | view in thread ]
Re: It seems to me that ...
[ link to this | view in thread ]
Re: It seems to me that ...
[ link to this | view in thread ]
Re: Re: It seems to me that ...
[ link to this | view in thread ]
Re: Re: Re: It seems to me that ...
Government justifies spying by no expectation of privacy.
[ link to this | view in thread ]
If a click-thru EULA can't deny me of my rights as a consumer, how can the same click-thru EULA abrogate my Constitutional protections?
[ link to this | view in thread ]
Re: Re: Re: It seems to me that ...
[ link to this | view in thread ]
Seems to be the governments default defense when they are exposed breaking the laws they enforce on everyone else
[ link to this | view in thread ]
Set the telcom systems up to automatically delete all the data logs after 30-90 days (call, text, location, web browsing history). Once the "business" records no longer serve a billing or operational purpose. Most telcoms bill monthly.
Unless of course these "business" records we're talking about is for mass spying and not for billing purposes. The government is using Section 215 as a pretext to try and legalize their unconstitutional mass spying agenda.
Proof of this is documents showing the NSA is collecting billions of location data records from around the world, daily. What "business" does that serve? The mass spying business of course!
[ link to this | view in thread ]
Re: Re: It seems to me that ...
So we can both be right at the same time. I can expect privacy, and I cannot expect privacy.
I reject your connotations, and substitute my own. I demand my privacy; unfortunately I assume that my government is violating it.
- https://www.wordnik.com/words/expect
[ link to this | view in thread ]
Re: Re: Re: It seems to me that ...
[ link to this | view in thread ]
[ link to this | view in thread ]
Government expectation
and the government expects us all the just know about cell phone operation and the data that may be collected?
[ link to this | view in thread ]
Government != Third Party
ie - Government equipment isn't 3rd party and fails the 3rd party test. Government equipment isn't public, though paid for by public funds, and full constitutional protection is enabled.
Any data collected by the stingray device without a warrant specific to the person and reasoning for the data is illegal and unconstitutional.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
An updated EULA would only matter if the government agencies cared one whit for actually following the law, and respecting the rights of the public, neither of which they do.
[ link to this | view in thread ]
Re: Re: Re: Re: It seems to me that ...
[ link to this | view in thread ]
Re: Government != Third Party
[ link to this | view in thread ]
Re: Re: Government != Third Party
Is scooping up all that data themselves without a warrant illegal and unconstitutional? Sure, but good luck getting them to delete anything at that point, no matter what the courts rule.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Actually, there is no expectation of privacy on the metadata collected by the post office. They know where you mailed a letter from and where it is going to, but not the contents (although, you can't really be sure of that.)
Libraries usually are managed at a local level. But I agree with you, they do tend to be an anomaly in all of this.
[ link to this | view in thread ]
Re: Re:
That's right. Also, they pull a bit of a PRISM here: almost every piece of mail sent has the front and back of the envelopes automatically photographed and those images are stored, just in case.
[ link to this | view in thread ]
the number of times that the government tries to use, in this digital age, laws, rules precedents and whatever that were made for and used during the non-digital age! to me, it just shows how pathetic the laws are, how pathetic those using (or trying to use them) are and how desperate the government and law enforcement are to know every single detail of every single person for every single second of every single day! talk about paranoid! jeez!!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
It's more accurate to say that whether or not they're legally binding (as a group) is still undetermined.
[ link to this | view in thread ]
Re: It seems to me that ...
[ link to this | view in thread ]
[ link to this | view in thread ]