Today the Supreme Court announced it will review United States v. Carpenter, a case involving long-term, retrospective tracking of a person’s movements using information generated by his cell phone. This is very exciting news in the world of digital privacy. With Carpenter, the Court has an opportunity to continue its recent pattern of applying Fourth Amendment protections to sensitive digital data. It may also limit or even reevaluate the so-called “Third Party Doctrine,” which the government relies on to justify warrantless tracking and surveillance in a variety of contexts. EFF filed an amicus brief urging the Supreme Court to take Carpenter and a related case, so we’re hopeful the Court will rule in favor of strong constitutional protections.
The petition for certiorari in Carpenter came after a very disappointing ruling from the Sixth Circuit Court of Appeals. It was joined by Graham v. United States from the Fourth Circuit. The question in these cases is whether the Fourth Amendment requires the government to get a warrant before it can access historical cell site location records held by a service provider like AT&T or T-Mobile. In both cases, as in several other cases we’ve covered in the past, deeply divided appellate courts held the government does not need a warrant. This is a big term for these issues at the Supreme Court: In addition to Graham and Carpenter, the Court is also considering petitions involving real-time tracking of a cell phone and other surveillance techniques that raise similar Fourth Amendment questions.
The Fourth Amendment in an Age of Ubiquitous Connected Devices
The cell site cases are important because where we travel can reveal very sensitive details about our lives. As Justice Sotomayor noted in her concurring opinion in United States v. Jones [.pdf], location information can provide the government with a “precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.”
The sheer volume of data the government had access to in Carpenter and Graham—three to four months in Carpenter and more than seven months in Graham—far eclipsed the 28 days of surveillance at issue in Jones. And while CSLI—records of cell phone towers your phone connects to at a given time and date—is not currently as precise as information generated by the GPS tracking device in Jones, it is nevertheless revealing.
In Carpenter, the three to four months of CSLI data collected was precise enough for the government to convince a jury that the defendants were at each of the specific robbery locations. And, as we also noted in an amicus brief, the data was precise enough to place one of the defendants at church every Sunday. And in Graham, the 221 days worth of data officers obtained on the two defendants contained nearly 30,000 data points for each defendant—data that the ACLU discovered could reveal when the defendants were home and when they left home, when their travel patterns changed from the norm, and even that Mr. Graham’s wife was pregnant.
Despite the sensitive nature and sheer volume of this information, the appellate courts held that it wasn’t protected by the Fourth Amendment. The courts relied on a legal principle from two 1970s Supreme Court cases called the “Third Party Doctrine.” This principle holds that information you voluntarily share with someone else—whether that “someone else” is your bank (such as deposit and withdrawal information) or the phone company (the numbers you dial on your phone)—isn’t protected by the Fourth Amendment because you can’t expect that third party to keep the information secret.
We are not alone in believing the Third Party Doctrine is outdated. Justice Sotomayor has said the Third Party Doctrine “is ill suited to the digital age.” This is because we live in an era “in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.” We use cell phones to stay in touch with friends and family on the go, rely on GPS mapping technologies to find our way about town, and wear Fitbits to try to improve our health. It’s impossible to use any of these technologies without sharing data with third parties, but choosing to rely on 21st-century technology shouldn’t mean we have to relinquish our constitutional rights.
These cases have important ramifications for the future, especially as our phones generate more—and more precise—location information every year, which is shared with third parties. Although Graham and Carpenter involve only data generated when a phone makes or receives a call, future cases will also rely on location data generated every time our phones connect with cell towers to send and receive any kind of data. As more Americans have switched to smartphones, the amount of data transferred over wireless networks has increased significantly—2,400% between 2010 and 2015 alone. This has led to an increase in the number of cell towers—especially in cities—and will only ensure that CSLI becomes more and more precise.
Other increasingly popular technologies will force courts to consider these issues as well. For example, as we adopt and rely on “Internet of Things” technologies like smart lightbulbs and clothing that tracks our emotions and communicates directly with retail stores, these sensors and devices may constantly generate and share data about us with little to no volition on our part, other than, perhaps, the initial decision to purchase or use the device.
We think it’s more than time the Supreme Court stepped in to clarify that the Fourth Amendment applies to all of this data, and we hope Carpenter is the case it chooses to do so.