How 'Gongkai' Innovation Could Allow China To Leapfrog The West

Court Asked Why There's No Expectation Of Privacy In Cell Location Data, But An Expectation Of Privacy In The Cellphone Itself

from the warrants-warranted dept

Tue, Jan 6th 2015 8:57pm — Tim Cushing

The government continues to argue that the Third Party Doctrine trumps the Fourth Amendment. Almost any "business record" created intentionally or inadvertently can be had by the government without a warrant. Even if the citizen in question has no ability to control what's collected by third parties (without forgoing the service entirely) or is completely unaware that it's happening, the government claims records of this type have no expectation of privacy.

The US v. Quartavarious Davis case is currently being re-heard by an en banc panel of the Eleventh Circuit Court. AT&T has uncharacteristically stepped into the breach and offered its opinion that -- as a service provider that generates plenty of business records (including cell location data, the focal point of this case) -- these records should be granted an expectation of privacy and a warrant requirement.

The government, relying mainly on cases dating back a minimum of 35 years, has argued the opposite. And in this particular case, it argued that the defendant should have known his phone's location was being tracked by his service provider. It went so far as to assert that the records don't belong to the people that generate them -- the customers who purchase the phones and pay for the service. According to the government, those records belong to the business collecting them and, to only a slightly lesser extent, the government via warrantless access.

The defense has entered its reply to the DOJ's brief [pdf link] and it takes specific exception to the government's portrayal of how cell site location information is created. Contrary to the DOJ's assertions, it's rarely, if ever, a conscious process. It's not even limited to the times when cellphone users actively engage with their devices to make phone calls or send messages.

Nothing in Smith or Miller requires that individuals must choose between participating in the new digital world through use of their mobile devices and retaining the Fourth Amendment’s protections. Nor does Miller or Smith address how individuals interact with one another and with different data and media using mobile devices in this digital age. Location-enabled services of all types provide a range of information to their users. At the same time, mobile applications, vehicle navigation systems, mobile devices, or wireless services for mobile devices often collect and use data in the background. A mobile application may send or receive an update in the background, triggering a location data point stored in the device or sent to the application provider or the mobile service provider.

So, contrary to the DOJ's take, cell site location data often has little to do with actual phone calls. The government tries to portray this information as being no more private than call records, but nothing could be further from the truth. A cellphone doesn't even need to be in active use to generate location data.

And, even if it was limited to generating location data when calling, there's no active generation of location data happening here either.

When placing a call, a cell phone user affirmatively dials the digits of the phone number to be called, but does not affirmatively enter the device’s location coordinates. That location is nonetheless captured by the service provider.

The defense then points to the Supreme Court's recent Riley decision (warrant requirement to search cellphones incident to arrest) and notes that this ruling implicates all sorts of records stored by third parties, none of which the government can access without a warrant.

Riley’s discussion of the privacy interest encompassed by data kept on a business’s server, not just data maintained on the device itself, demonstrates that the government cannot evade the warrant requirement based on a claim that CSLI is a business record. When a trusted agent—the cell phone company—obtains personal data as part of its provision of essential service, and is then required by law to maintain the data, such data does not fall within the third-party exception to privacy rights. Cell phone users retain a reasonable expectation of privacy in data housed on a business’s servers. Cell phone users do not necessarily know what data resides on the device and what data is stored in the cloud “and it generally makes no difference” to the privacy interest. Id. at 2491. Even if data is actually located on a business’s server, individuals retain a privacy interest; it is still the individual’s “effects” despite being stored remotely on a computer owned by a business.

This intermingling of data, some knowingly created and a vast majority of it automated, should make demands for cell site location data subject to a search warrant requirement. At this point, it doesn't, but Davis' legal team makes a solid argument for why it should be.

The filing also takes a shot at the DOJ for attempting to edit a statement made by its own prosecutor during closing arguments -- a statement that undercuts its assertions about Davis' knowledge of the collection of location data.

3. Trial prosecutor’s closing argument that Davis did not know of tracking.

The government seeks to retract an evidentiary inference that it relied on to convict the defendant. No one likes to be hoisted by their own petard. But facts are stubborn things. And this case—unlike Madison—lacks, by the government’s own admission at trial, any case-based theory of waiver of privacy rights.

Here are the relevant paragraphs from the DOJ's filing.

In order to establish a Fourth Amendment search in these circumstances, Davis had to show two things: first, that he exhibited, by his conduct, an actual expectation of privacy in MetroPCS’s business records; and second, that any such expectation was objectively reasonable. He did not make either showing.

No evidence supports the conclusion that Davis manifested an actual expectation of privacy in the records MetroPCS made to document the use of its own cell towers. Davis may not satisfy his burden of proof by adverting to statements made by the prosecutor in closing argument. Those statements were not evidence. Nor do they help his cause. It is one thing to say that Davis probably did not know his phone company was lawfully making and keeping certain routing-related records of transactions to which it was a party; it is another thing to say that he actually expected that such records could not be disclosed to others.

The defense takes issue with this portrayal as well.

The record is devoid of any evidence that Davis, a teenager at the time who suffered from lifelong learning disabilities, knew anything about cell phone towers and how cell phones work, let alone that MetroPCS was recording his location whenever he made or received phone calls. Nor is it plausible to infer his understanding of cell phone company policies regarding location data, where the Chief Justice of the United States has acknowledged not reading privacy policies or terms of service. See Debra Cassens Weiss, Chief Justice Roberts Admits He Doesn’t Read the Computer Fine Print, A.B.A. Journal (Oct. 20, 2010). The government concedes that “the service contract and privacy policy governing Davis’s phone are not part of the record in this case.” Gov’t En Banc Answer Br. at 28 n.4.

A vast majority of Americans never read privacy policies, much less have a complete understanding of just how many "business records" the government can access without a warrant. While there may be some vague awareness that law enforcement can obtain phone records, etc., generally the perception is that some paperwork (a warrant) is involved. The DOJ attempts to portray those it brings charges against fully aware of these details, even while government officials freely admit they don't understand technology, the internet or the fine print inherent in the use of any service. Certainly, ignorance is no excuse but it's also not an indicator of culpability. These records are created with or without the knowledge of cellphone customers and the government has taken advantage of the massive influx of generated information by utilizing laws and rulings three decades removed from the current reality.

Davis Reply ca11 20141231 (PDF)Davis Reply ca11 20141231 (Text)

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: 4th amendment, cellphone data, location data, privacy, quartavarious davis, third party doctrine

30 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 6 Jan 2015 @ 9:26pm

"the defendant should have known his phone's location was being tracked by his service provider."
Is that why there was such a shitstorm when people found out that Apple was tracking their location data? Because they all knew they were being tracked?
I get that Apple isn't their 'service provider' but I feel like the same thing applies.

"x should have known something that requires them knowing it in order to justify our argument that we should be allowed to abuse our power to do the thing."
Seems like bassackwards logic.
[ link to this | view in thread ]
beltorak (profile), 6 Jan 2015 @ 9:29pm

It seems to me that ...
... to say we have no expectation of privacy in the business records created by our phone usage is to say we have no expectation of privacy in the billing records created by our family doctor visits, or the administrative records from our library patronage.
[ link to this | view in thread ]
Anonymous Coward, 6 Jan 2015 @ 9:38pm

Re: It seems to me that ...
I think, in this day and age, we should have no expectation of privacy. Full stop.
[ link to this | view in thread ]
That One Guy (profile), 6 Jan 2015 @ 9:41pm

Re: It seems to me that ...
Now now, you're jumping ahead, eliminating those bits of privacy is for a later date, once they've totally eliminated the current privacy expectation such that they can argue that people no longer have a 'reasonable' expectation of privacy with regards to third-party information, due to a complete lack of expected privacy becoming the norm.
[ link to this | view in thread ]
That One Guy (profile), 6 Jan 2015 @ 9:43pm

Re: Re: It seems to me that ...
Well, that's what the government is constantly arguing anyway, that no-one has any expectation of privacy, and therefore there's nothing barring them from grabbing anything they can get their hands on.
[ link to this | view in thread ]
Anonymous Coward, 6 Jan 2015 @ 9:50pm

Re: Re: Re: It seems to me that ...
Have no expectation of privacy because government spying.
Government justifies spying by no expectation of privacy.
[ link to this | view in thread ]
AnonCow, 6 Jan 2015 @ 9:50pm

The defense of click-thru EULAs has been consistently challenged, but somehow the government has been able to use those same dodgy EULAs to avoid subpoenas in criminal investigations?

If a click-thru EULA can't deny me of my rights as a consumer, how can the same click-thru EULA abrogate my Constitutional protections?
[ link to this | view in thread ]
Anonymous Coward, 6 Jan 2015 @ 11:09pm

Re: Re: Re: It seems to me that ...
Only the government has an expectation of privacy.
[ link to this | view in thread ]
Padpaw (profile), 6 Jan 2015 @ 11:13pm

"We are above the petty laws we expect everyone else to follow"

Seems to be the governments default defense when they are exposed breaking the laws they enforce on everyone else
[ link to this | view in thread ]
Anonymous Coward, 6 Jan 2015 @ 11:59pm

The government forces phone companies to hold onto cellphone records for 5 years! There's no "business" related reason to retain 5 years worth of real-time location tracking data. What billing purpose does 5 year old location data serve?

Set the telcom systems up to automatically delete all the data logs after 30-90 days (call, text, location, web browsing history). Once the "business" records no longer serve a billing or operational purpose. Most telcoms bill monthly.

Unless of course these "business" records we're talking about is for mass spying and not for billing purposes. The government is using Section 215 as a pretext to try and legalize their unconstitutional mass spying agenda.

Proof of this is documents showing the NSA is collecting billions of location data records from around the world, daily. What "business" does that serve? The mass spying business of course!
[ link to this | view in thread ]
beltorak (profile), 7 Jan 2015 @ 12:02am

Re: Re: It seems to me that ...
I smell another word play buried in this line of thought. On the one hand we have "expect" as the assumed state of affairs (e.g.: I expect that it will be cold this winter - I consider it likely). On the other we have the definition that the government is using for "expect" as in what is demanded or required (e.g.: I expect this to be taken seriously - I demand no less).

So we can both be right at the same time. I can expect privacy, and I cannot expect privacy.

I reject your connotations, and substitute my own. I demand my privacy; unfortunately I assume that my government is violating it.

- https://www.wordnik.com/words/expect
[ link to this | view in thread ]
Anonymous Coward, 7 Jan 2015 @ 3:24am

Re: Re: Re: It seems to me that ...
Indeed. So why, oh WHY, does the government insist on privacy over their interations with the populace?
[ link to this | view in thread ]
Anonymous Coward, 7 Jan 2015 @ 5:07am

I always found it strange that some of the few third parties in which we have an expectation of privacy are library records and postal mail, both essentially run or managed by government.
[ link to this | view in thread ]
peter, 7 Jan 2015 @ 5:22am

Government expectation
I have had a conversation where someone could not understand why I could take a phone call on my mobile....when I was sailing in the Atlantic.

and the government expects us all the just know about cell phone operation and the data that may be collected?
[ link to this | view in thread ]
TruthHurts (profile), 7 Jan 2015 @ 5:43am

Government != Third Party
The problem with this argument is that once the Government has replaced the "third party's" equipment with their own, they fall upon their own petard.

ie - Government equipment isn't 3rd party and fails the 3rd party test. Government equipment isn't public, though paid for by public funds, and full constitutional protection is enabled.

Any data collected by the stingray device without a warrant specific to the person and reasoning for the data is illegal and unconstitutional.
[ link to this | view in thread ]
TasMot (profile), 7 Jan 2015 @ 5:50am

This is another case where the government wants it both ways. It wants to hide the use of the stingray cell site simulator under the pretense that they have a contractual non-disclosure agreement with the provider. However; citizens are not allowed to keep their agreement with the provider or the "business records" mandated to be kept by the government kept private. We need AT&T and Verizon to step up and update the shrink wrapped totally incomprehensible to a non-lawyer EULA to say that users actually expect privacy and the records can not be turned over without consent because of this-here non disclosure agreement.
[ link to this | view in thread ]
That One Guy (profile), 7 Jan 2015 @ 6:02am

Re:
At which point the NSA/DOJ/FBI steps in with an NSL, demands all the data anyway, and forbids the company from fighting back or even talking about it.

An updated EULA would only matter if the government agencies cared one whit for actually following the law, and respecting the rights of the public, neither of which they do.
[ link to this | view in thread ]
That One Guy (profile), 7 Jan 2015 @ 6:05am

Re: Re: Re: Re: It seems to me that ...
Well, based upon their favorite argument of 'If you've done nothing wrong, you have nothing to hide', the fact that they try and hide everything would seem to suggest pretty strongly that they're engaged in a whole lot of wrongdoing.
[ link to this | view in thread ]
TruthHurts (profile), 7 Jan 2015 @ 6:05am

Re: Government != Third Party
While slightly off topic to the current story, thought I'd still post that to this one as it carves away the same argument they make for using stingray devices, as well as the need to purge data not specific to the warrant.
[ link to this | view in thread ]
That One Guy (profile), 7 Jan 2015 @ 6:26am

Re: Re: Government != Third Party
Once they have the data, they don't need to bank on the insanely flawed Third Party Doctrine, because, again, they already have the data.

Is scooping up all that data themselves without a warrant illegal and unconstitutional? Sure, but good luck getting them to delete anything at that point, no matter what the courts rule.
[ link to this | view in thread ]
Pixelation, 7 Jan 2015 @ 7:40am

Now we know that once someone has had a peeping Tom any future peeping Toms are safe from prosecution.
[ link to this | view in thread ]
ltlw0lf (profile), 7 Jan 2015 @ 8:50am

Re:
I always found it strange that some of the few third parties in which we have an expectation of privacy are library records and postal mail, both essentially run or managed by government.

Actually, there is no expectation of privacy on the metadata collected by the post office. They know where you mailed a letter from and where it is going to, but not the contents (although, you can't really be sure of that.)

Libraries usually are managed at a local level. But I agree with you, they do tend to be an anomaly in all of this.
[ link to this | view in thread ]
John Fenderson (profile), 7 Jan 2015 @ 9:09am

Re: Re:
"Actually, there is no expectation of privacy on the metadata collected by the post office."

That's right. Also, they pull a bit of a PRISM here: almost every piece of mail sent has the front and back of the envelopes automatically photographed and those images are stored, just in case.
[ link to this | view in thread ]
Anonymous Coward, 7 Jan 2015 @ 9:53am

were mobile phones part of everyday life of citizens 35years ago? did anyone who had one of the first mobile phones, whenever that was, had any indication that they were being tracked and being logged at a certain position at the time? were there even any sort of fake cell towers, stingrays or whatever? if so, did any ordinary member of the public actually know about them?
the number of times that the government tries to use, in this digital age, laws, rules precedents and whatever that were made for and used during the non-digital age! to me, it just shows how pathetic the laws are, how pathetic those using (or trying to use them) are and how desperate the government and law enforcement are to know every single detail of every single person for every single second of every single day! talk about paranoid! jeez!!
[ link to this | view in thread ]
Anonymous Coward, 7 Jan 2015 @ 11:14am

Re:
Because terrorism, pedophiles, and, er... I dunno, Gödel's incompleteness theorems?
[ link to this | view in thread ]
Anonymous Coward, 7 Jan 2015 @ 3:14pm

If I don't pay for a plan or quit using my phone, what records are being created on my behalf about my location? I guess the info is mine then, since it is a work for hire.
[ link to this | view in thread ]
Anonymous Coward, 8 Jan 2015 @ 9:38am

Re:
As of yet, these have not actually been declared illegal as a group. While some individual ones have been thrown out, they have never been declared illegal as a group. Therefore, despite all the cases, they are still legally binding, aside from the ones thrown out.
[ link to this | view in thread ]
John Fenderson (profile), 8 Jan 2015 @ 10:02am

Re: Re:
"Therefore, despite all the cases, they are still legally binding"

It's more accurate to say that whether or not they're legally binding (as a group) is still undetermined.
[ link to this | view in thread ]
John, 8 Jan 2015 @ 11:13am

Re: It seems to me that ...
And why do you think all of our doctors have been forced to implement electronic medical records?
[ link to this | view in thread ]
albert, 5 May 2015 @ 3:03pm

Where is the MENTAL SCREENING of "law enforcement"?
[ link to this | view in thread ]