Court Asked Why There's No Expectation Of Privacy In Cell Location Data, But An Expectation Of Privacy In The Cellphone Itself

from the warrants-warranted dept

The government continues to argue that the Third Party Doctrine trumps the Fourth Amendment. Almost any "business record" created intentionally or inadvertently can be had by the government without a warrant. Even if the citizen in question has no ability to control what's collected by third parties (without forgoing the service entirely) or is completely unaware that it's happening, the government claims records of this type have no expectation of privacy.

The US v. Quartavarious Davis case is currently being re-heard by an en banc panel of the Eleventh Circuit Court. AT&T has uncharacteristically stepped into the breach and offered its opinion that -- as a service provider that generates plenty of business records (including cell location data, the focal point of this case) -- these records should be granted an expectation of privacy and a warrant requirement.

The government, relying mainly on cases dating back a minimum of 35 years, has argued the opposite. And in this particular case, it argued that the defendant should have known his phone's location was being tracked by his service provider. It went so far as to assert that the records don't belong to the people that generate them -- the customers who purchase the phones and pay for the service. According to the government, those records belong to the business collecting them and, to only a slightly lesser extent, the government via warrantless access.

The defense has entered its reply to the DOJ's brief [pdf link] and it takes specific exception to the government's portrayal of how cell site location information is created. Contrary to the DOJ's assertions, it's rarely, if ever, a conscious process. It's not even limited to the times when cellphone users actively engage with their devices to make phone calls or send messages.

Nothing in Smith or Miller requires that individuals must choose between participating in the new digital world through use of their mobile devices and retaining the Fourth Amendment’s protections. Nor does Miller or Smith address how individuals interact with one another and with different data and media using mobile devices in this digital age. Location-enabled services of all types provide a range of information to their users. At the same time, mobile applications, vehicle navigation systems, mobile devices, or wireless services for mobile devices often collect and use data in the background. A mobile application may send or receive an update in the background, triggering a location data point stored in the device or sent to the application provider or the mobile service provider.

So, contrary to the DOJ's take, cell site location data often has little to do with actual phone calls. The government tries to portray this information as being no more private than call records, but nothing could be further from the truth. A cellphone doesn't even need to be in active use to generate location data.

And, even if it was limited to generating location data when calling, there's no active generation of location data happening here either.

When placing a call, a cell phone user affirmatively dials the digits of the phone number to be called, but does not affirmatively enter the device’s location coordinates. That location is nonetheless captured by the service provider.

The defense then points to the Supreme Court's recent Riley decision (warrant requirement to search cellphones incident to arrest) and notes that this ruling implicates all sorts of records stored by third parties, none of which the government can access without a warrant.

Riley’s discussion of the privacy interest encompassed by data kept on a business’s server, not just data maintained on the device itself, demonstrates that the government cannot evade the warrant requirement based on a claim that CSLI is a business record. When a trusted agent—the cell phone company—obtains personal data as part of its provision of essential service, and is then required by law to maintain the data, such data does not fall within the third-party exception to privacy rights. Cell phone users retain a reasonable expectation of privacy in data housed on a business’s servers. Cell phone users do not necessarily know what data resides on the device and what data is stored in the cloud “and it generally makes no difference” to the privacy interest. Id. at 2491. Even if data is actually located on a business’s server, individuals retain a privacy interest; it is still the individual’s “effects” despite being stored remotely on a computer owned by a business.

This intermingling of data, some knowingly created and a vast majority of it automated, should make demands for cell site location data subject to a search warrant requirement. At this point, it doesn't, but Davis' legal team makes a solid argument for why it should be.

The filing also takes a shot at the DOJ for attempting to edit a statement made by its own prosecutor during closing arguments -- a statement that undercuts its assertions about Davis' knowledge of the collection of location data.

3. Trial prosecutor’s closing argument that Davis did not know of tracking.

The government seeks to retract an evidentiary inference that it relied on to convict the defendant. No one likes to be hoisted by their own petard. But facts are stubborn things. And this case—unlike Madison—lacks, by the government’s own admission at trial, any case-based theory of waiver of privacy rights.

Here are the relevant paragraphs from the DOJ's filing.

In order to establish a Fourth Amendment search in these circumstances, Davis had to show two things: first, that he exhibited, by his conduct, an actual expectation of privacy in MetroPCS’s business records; and second, that any such expectation was objectively reasonable. He did not make either showing.

No evidence supports the conclusion that Davis manifested an actual expectation of privacy in the records MetroPCS made to document the use of its own cell towers. Davis may not satisfy his burden of proof by adverting to statements made by the prosecutor in closing argument. Those statements were not evidence. Nor do they help his cause. It is one thing to say that Davis probably did not know his phone company was lawfully making and keeping certain routing-related records of transactions to which it was a party; it is another thing to say that he actually expected that such records could not be disclosed to others.

The defense takes issue with this portrayal as well.

The record is devoid of any evidence that Davis, a teenager at the time who suffered from lifelong learning disabilities, knew anything about cell phone towers and how cell phones work, let alone that MetroPCS was recording his location whenever he made or received phone calls. Nor is it plausible to infer his understanding of cell phone company policies regarding location data, where the Chief Justice of the United States has acknowledged not reading privacy policies or terms of service. See Debra Cassens Weiss, Chief Justice Roberts Admits He Doesn’t Read the Computer Fine Print, A.B.A. Journal (Oct. 20, 2010). The government concedes that “the service contract and privacy policy governing Davis’s phone are not part of the record in this case.” Gov’t En Banc Answer Br. at 28 n.4.

A vast majority of Americans never read privacy policies, much less have a complete understanding of just how many "business records" the government can access without a warrant. While there may be some vague awareness that law enforcement can obtain phone records, etc., generally the perception is that some paperwork (a warrant) is involved. The DOJ attempts to portray those it brings charges against fully aware of these details, even while government officials freely admit they don't understand technology, the internet or the fine print inherent in the use of any service. Certainly, ignorance is no excuse but it's also not an indicator of culpability. These records are created with or without the knowledge of cellphone customers and the government has taken advantage of the massive influx of generated information by utilizing laws and rulings three decades removed from the current reality.

Filed Under: 4th amendment, cellphone data, location data, privacy, quartavarious davis, third party doctrine