Another Federal Court Says No Warrants Needed To Obtain Historic Cell Site Location Info
from the personal-tracking-devices dept
The Supreme Court has yet to examine the issue of historical cell site location info(CSLI). It finally picked a case from the Sixth Circuit to review, years after the warrantless gathering of historic CSLI became a thing. So far, there's not a single court in the nation that's found historic CSLI to have an expectation of privacy. The Fourth Circuit Appeals Court briefly did, before reversing its own decision. The original decision had problems with the amount of CSLI gathered: 221 days worth. Upon further review, the court sided with the government and its Third Party Doctrine arguments.
This federal court decision from the Southern District of New York name-checks the pending SCOTUS review, but falls in line with every other decision in the federal court system. The defendant sought to suppress historic CSLI obtained without a warrant, arguing the collection of location data by cell companies is not the same thing as "voluntarily" turning these records over to a third party. (via Courthouse News Service)
From the decision [PDF]:
The relevant question here is whether Serrano voluntarily provided his location to his service provider such that he had no legitimate expectation of privacy in it. The complexity of that question is compounded by the public’s general ignorance regarding the mechanics of how cell phones function, the type of information collected by service providers every time a cell phone is used, or the scope and frequency with which such information is recorded. Serrano contends principally that the third party doctrine has no application to CSLI because it is “not knowingly and intentionally conveyed by the cell phone user to anyone but rather generated automatically by radio waves.” (Mot. at 15–16.) Serrano argues that cell phone users do not actively submit their location information to service providers, nor are they even aware that such information is recorded by service providers without their express consent.
The court disagrees with the defendant's assessment. While it does recognize cellphones are as omnipresent as air, the generation of location data is a necessary function of cell service. Customers -- even if they aren't familiar with the specifics -- do have a general idea their movements are being tracked by every cell tower they connect to.
Though cell phone users do not affirmatively disclose their location to service providers, or understand the breadth of information that is collected through a single phone call, they do know that cell service is necessary to activate their phones. At a minimum, when none of the service bars appear on the interface of a phone, users know that they are “outside the range of the provider company’s cell network.” And when they are in service, they understand that they must “transmit signals to cell towers within range, that the cell tower functions as the equipment that connects the calls, that users when making or receiving calls are necessarily conveying or exposing to their service provider their general location within that cell tower’s range, and that cell phone companies make records of cell-tower usage.” While most people may not be aware of a cell tower’s esoteric functions, they nevertheless understand that by simply placing a call or receiving a text message, they are voluntarily disclosing something location-based and are cognizant that such information will then be used by service providers for a variety of purposes.
The court then goes on to make the argument that even if users weren't voluntarily providing this data, the government would still be able to obtain it without a warrant because the information itself has no expectation of privacy.
However, that a person voluntarily discloses information to third parties does not end the Fourth Amendment inquiry. Privacy interests in such information may exist depending on their substance and nature. There is, of course, a difference between disclosing the phone numbers that are dialed to call someone and the details of a conversation arising from that call. Here, however, CSLI provides no details about a phone call other than the general vicinity where the user placed or received the call. Voluntarily disclosed location information corresponds not to the user’s precise location, but that of the nearest towers.
The court does seem to recognize the current jurisprudence on cellphone data can't remain the way it is now: tied to a 1979 decision (Smith v. Maryland) that predates (and could not have foreseen) the explosion in cellphone use.
It is almost as if cell phone users must relinquish some privacy interests—at least related to their location—as a prerequisite to using a device so embedded in everyday life.
As everything stands now, it's exactly that: cellphone users are generating tons of third party records that can be obtained without a warrant. This includes real-time and near-real time tracking of people's location through tower pings or cell site simulators. For the most part, courts have been extremely hesitant to erect warrant requirements for so-called Third Party records.
This needs to change. Privacy expectations have changed. While most people are aware certain records must be generated to ensure cell service, very few agree the government should be able to track their movements without a warrant, especially over a long period of time. In this case, thirteen MONTHS of cell site location info was obtained by law enforcement, putting the 221 days in the Graham case to shame. When the courts ask themselves what is "reasonable" in terms of expectations of privacy, they need to spend more time considering how much has changed in the world of communications since 1979.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 4th amendment, cell site location info, csli, location, warrants
Reader Comments
Subscribe: RSS
View by: Time | Thread
Well, sure. That's like a thousand White House communications directors ago.
[ link to this | view in thread ]
"This needs to change." -- Unless it's Google GRABBING your info without ANY consent or withholding possible. -- And now has your credit / debit records to collate too!
Seriou -- oh, appeals to reason never work here. -- Listen, re-writer: WHY WORRY ABOUT JUST THIS? Can't you ever be at all consistent and also worry about the biggest violators of privacy: Google and Facebook? Daily getting a thousand times as much data about you? Can't raise even a twinge of worry?
[ link to this | view in thread ]
Now, I think that doctrine is misguided and an affront to the 4th amendment but it is the current law. It's easy
[ link to this | view in thread ]
Kangaroo Courts and Federal Court Jesters
It is almost as if cell phone users must relinquish some privacy interests—at least related to their location—as a prerequisite to using a device so embedded in everyday life.
When cell phone users enter into an agreement with their cellular service provider it is a private business transaction between a business and a customer.
When a customer (ie cell phone users) uses their device and connects with their service providers network it is in the form of another private business transaction between business and customer.
What the petty authoritarian control freaks infesting the US government have done is interject the government into the middle of a private business transaction that it has no place being - especially with out articulable probable cause and a warrant signed by a judge/magistrate.
It is impossible to agree with the US governments defective belief that when a person voluntarily divulges private information during a business transaction they wave their unalienable rights.
Third party doctrine is a specious legal theory where unaccountable federal court jesters have arbitrarily decreed that any private business transaction they decide can be inspected by the US government for it's wholesomeness under the ridiculous assumption that when persons willingly conduct private business transactions and voluntarily exchange information it some how magically voids their unalienable rights.
Federal court jesters love specious legal theories (eg qualified/absolute immunity, third party doctrine etal) because they make expediency the watch-word of the "law".
Specious legal theories present "judges" with a legalistic form of deus ex machina that precludes the need for thought and examination when rendering a decision as they simply defer to the specious legal doctrine du jour - Constitution be damned.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
2. The Court's reasoning about a mobile user's expectation of privacy is silly and doesn't withstand the simplest analogy. That is, everyone also knows that when you're listening to for instance an FM radio that when you go out of range will you lose the signal. But no one thinks that the FM radio stations are tracking you. But, as has been pointed out, it's really the third party doctrine that encourages finding these sorts of loopholes.
[ link to this | view in thread ]
[ link to this | view in thread ]
Only possible way to remedy this
[ link to this | view in thread ]
"no expectation of privacy"
"While most people may not be aware of a cell phone’s esoteric functions, they nevertheless understand that by simply placing a call or receiving a text message, they are voluntarily disclosing their communications and are cognizant that such communications will then be used by service providers for a variety of purposes."
See how close what the judge said is to that? That's on purpose, for future use.
[ link to this | view in thread ]
Even the judge doesn't quite understand it.
Wrong. The connection information can be still collected without placing a single call or receiving a single message as long as the phone is powered on and connected to a cell. So, if the judge himself doesn't understand the system, how can he sit there, with a straight face, and proclaim that everyone else does?
[ link to this | view in thread ]
Warrants for some people, but not others?
[ link to this | view in thread ]
Re: Re:
Just like citizens united, i think they got it wrong but it's the official law of the land.
[ link to this | view in thread ]
Re: "This needs to change." -- Unless it's Google GRABBING your info without ANY consent or withholding possible. -- And now has your credit / debit records to collate too!
The government can send me to federal pound in the ass prison.
The government violating my privacy is far more concerning than Google showing me targeted adds
[ link to this | view in thread ]
stop using cell phones
[ link to this | view in thread ]
Re: "This needs to change." -- Unless it's Google GRABBING your info without ANY consent or withholding possible. -- And now has your credit / debit records to collate too!
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re:
and let us not forget that pizza is a vegetable.
[ link to this | view in thread ]
Re: Re: "This needs to change." -- Unless it's Google GRABBING your info without ANY consent or withholding possible. -- And now has your credit / debit records to collate too!
Well... sort of.
Microsoft has suggested to those of us creating ASP.NET web sites, that we drop the old web site authentication scheme in favor of OAuth. This is an open standard used by Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third party applications or websites. Those folks will automatically be logged into your site if they've already logged into FaceBook, and vice versa.
Which sounds horrific from an security and privacy point of view, and the Wikipedia page backs this up. But then Microsoft's "suggestion" was rather forceful, with the tools needed to manage the old authentication scheme being removed from Visual Studio.
So from now on when you log into private company sites not in any way affiliated with Facebook or Google, it's... vague... how much they know about it. Especially if a Google or Facebook ad on a page in another tab notices that you've just been authenticated.
[ link to this | view in thread ]
you first, sir.
I don't mind the ruling if the judges prove consistency in their belief and release their phone calls and location history for the past thirteen months.
...
Don't want to? That's your private life? Yes, I thought so.
[ link to this | view in thread ]
Re:
The logic from which the Third Party Doctrine arises does seem largely impeccable, as far as I can see.
[ link to this | view in thread ]
Re: Only possible way to remedy this
Or just those of Supreme Court nominees.
[ link to this | view in thread ]