Privacy of Cell Location Data – Analysis of Carpenter Decision

 
July 18, 2018

In a closely watched decision, the United States Supreme Court recently held in Carpenter v. United States1 that government prosecutors must seek a warrant to obtain cell phone site location information from cell phone service providers. The decision is being hailed by some as a victory for privacy rights, and criticized by others for not going far enough to eliminate the Fourth Amendment “third-party doctrine,” a limitation on the warrant requirement’s application that some privacy scholars and advocates see as a barrier to developing a viable approach to the privacy issues raised by data-driven technologies in the 21st century.2 This On Point summarizes the Carpenter decision and discusses some of the potential implications of its reasoning. 

Carpenter’s Claim 

The Carpenter case arose from a criminal investigation and prosecution of members of a group suspected of robbing Radio Shack and T-Mobile stores in Michigan and Ohio.3 A cooperating witness provided the FBI with information it used to obtain cell phone location data for Timothy Carpenter and other robbery suspects.4 The government obtained the cell phone data through the use of subpoenas authorized by the Stored Communications Act,5 which allows the government to compel the disclosure of communications records when a judge is convinced that there are reasonable grounds to believe that the records sought are relevant and material to an ongoing criminal investigation.6

In response to the government’s subpoenas, Carpenter’s wireless carriers produced cell site location information for Carpenter’s cell phone for more than 100 days of use.7 Based on these records and other evidence, Carpenter was charged with six counts of robbery and related firearms offenses.8 At trial, armed with the cell phone companies’ location data, an FBI agent testifying as an expert witness explained that, “each time a cell phone taps into the wireless network, the carrier logs a time-stamped record of the cell site and particular sector that were used.”9 The agent used this location data to create exhibits intended to demonstrate that Carpenter was in the vicinity of four of the robberies around the times they were committed.10 Carpenter was convicted on all of the counts with which he was charged except for one of the firearm counts, and he was sentenced to more than 100 years in prison.11

Before trial, Carpenter moved to suppress the cell phone location information, claiming that the evidence was inadmissible because the government had obtained it without getting a warrant.12 The trial court denied this motion and Carpenter appealed the district court’s ruling after his conviction.13 The Sixth Circuit Court of Appeals affirmed the trial court’s decision, concluding that Carpenter failed to establish that he had a reasonable expectation of privacy in the location records because the records were not “his,” and disclosed only information that Carpenter had shared willingly with his wireless carriers.14 Accordingly, applying the Fourth Amendment’s “third-party doctrine,” the appellate court held the government did not need a warrant to compel production of the records.15 The Supreme Court granted Carpenter’s petition for certiorari and reversed the Sixth Circuit in a 5-4 vote. Chief Justice Roberts wrote for the majority; Justices Kennedy, Alito, Thomas and Gorsuch all dissented in separate opinions. 

The Supreme Court's Decision 

In the Supreme Court, Carpenter’s majority ruled that cell phone users had a reasonable expectation of privacy in the location records created by their service providers, and that the government therefore was barred from acquiring such records without a warrant.16 To reach this resolution, the Court had to resolve two primary issues. It first had to determine whether cell phone users have a reasonable expectation of privacy with regard to the location data generated by their phones and stored by their service providers. And, second, given who collects cell phone location information and how the data is collected, it had to decide whether the Fourth Amendment’s “third-party doctrine” provides a viable rationale for exempting government access to such data from the warrant requirement. 

Cell Phone Location Data and Its Impact on Privacy 

The Carpenter Court first had to determine whether allowing the government to access cell phone location information without a warrant raised constitutional privacy concerns. Since its decision in Katz v. United States17, to determine whether the Fourth Amendment protects a citizen’s privacy in a given situation, the Court examines both the subjective expectation the individual would have about keeping information private in the circumstances at issue, and whether society would accept his or her expectation as reasonable18. The Chief Justice noted in his Opinion for the Court that a majority of the Justices had agreed in earlier decisions that “individuals have a reasonable expectation of privacy in the whole of their physical movements.”19 The question before the Court in Carpenter, then, was whether allowing government access to information about the movements of cell phone users would threaten any liberty interests protected by the Fourth Amendment. 

In its analysis, the Carpenter Court focused on two of these interests. It observed, first, that the warrant requirement is meant to secure “the privacies of life” against exercises of “arbitrary power” by the government.20 And, second, it noted that the Amendment’s protections also are intended to serve what the Court referred to as “a central aim of the Framers”—that is, “to place obstacles in the way of a too permeating police surveillance.”21 In the view of Carpenter’s majority, allowing the government access to the detailed data about users found in the location data collected by cell phone companies posed a significant threat to these interests. 

The Court found that cell phone location technology raised issues similar to those it encountered in United States v. Jones, where it held that the government needed a warrant to attach a GPS device to a suspect’s car.22 Comparing cell phone location information to the data provided by GPS tracking, the Court found that location information data also was “deeply revealing.”23 Like GPS surveillance, cell phone location records provide an unparalleled view into the lives of anyone who is subject to such surveillance.24 When the government is able to track a person’s movements by cell phone, the Court asserted, “it achieves near perfect surveillance, as if it had attached an ankle monitor to the phone’s user.”25 In its view, using location data to map a user’s movements over an extended period of time: 

provides an all-encompassing record of the [cell phone] holder’s whereabouts. As with GPS information, the time-stamped data provides an intimate window into a person’s life, revealing not only his particular movements, but through them his “familial, political, professional, religious, and sexual associations.” These location records “hold for many Americans the ‘privacies of life.’”26

The Court found, moreover, that cell location technology is not only relentless in its recording of user location data, but also precise, and that its accuracy is improving with time.27 To make this point in Carpenter, the Chief Justice compared the cell phone system’s “memory” to that of a human witness: “Sprint Corporation and its competitors are not your typical witnesses. Unlike the nosy neighbor who keeps an eye on comings and goings, they are ever alert, and their memory is nearly infallible.”28 The technology’s accuracy in recording a user’s movements is aided by the habits of cell phone owners themselves, who “compulsively” carry their devices with them all the time, everywhere they go: “A cell phone faithfully follows its owner beyond public thoroughfares and into private residences, doctor’s offices, political headquarters, and other potentially revealing locales.”29

The government argued in Carpenter that cell phone location data and GPS tracking should be treated differently under the law because GPS technology is more precise,30 but Carpenter’s majority was not convinced by this distinction. One of the obstacles the government faced in making this argument was the Court’s familiarity with the capabilities of cell phones from its decisions in earlier cases. More specifically, the Chief Justice had written about the ability to track cell phone users’ movements through their phones in Riley v. California, where the Court held that the government needs a warrant to search cell phones.31 In Riley, Chief Justice Roberts noted specifically that data from cell phones could “reveal where a person has been. Historic location information is a standard feature on many smart phones and can reconstruct someone’s specific movements down to the minute, not only around town but also within a particular building.”32

In Carpenter, the Court concluded that cell site records presented “greater privacy concerns” than GPS monitoring because cell phones allowed service providers to track users even after they left their vehicles, to more private venues.33 In addition, the Court predicted that cell location technology’s accuracy would only increase with the passage of time, and that even now it was “rapidly approaching GPS-level precision.”34 Given these capabilities, the Court concluded, prosecutorial access to this tool without sufficient judicial supervision would risk “government encroachment of the sort the Framers, ‘after consulting the lessons of history,’ drafted the Fourth Amendment to prevent.”35

The Third-Party Doctrine’s Application 

The question of primary interest in this case to those concerned with privacy issues was how the Court would apply the third-party doctrine to cell phone location data. The third-party doctrine essentially exempts certain kinds of business records from the warrant requirement.36 As the Supreme Court has explained, the doctrine had its origin in the idea that “an individual has a reduced expectation of privacy in information knowingly shared with another.”37 In other words, the courts presume that users of certain kinds of property or technology understand that as a consequence of using these instruments, they are sharing information about themselves with third parties. 

The financial records at issue in United States v. Miller,38 one of the seminal cases on the third-party doctrine, provide an example of how the rule was developed and applied by the federal courts. When customers use checks to pay for things, or use deposit slips or other records to do business with their banks, those customers presumably know that the retailers, banks and other businesses with whom they interact will keep their own records of the transactions, giving these institutions access to the financial information the records contain. The customer is held, therefore, to have “assumed the risk” that the bank or other institution might share information from the records with others, including law enforcement.39 Thus, under the third party doctrine, government access to these records does not constitute a search because the records are not the property of the person being investigated.40

Preserving access to these kinds of materials through subpoena is important to law enforcement authorities. In his Carpenter dissent, Justice Kennedy detailed the “wide variety of records” the government obtains by use of subpoenas, noting that they are used to gather the evidence necessary to support, among other investigative objectives, probable cause determinations.41 In its Carpenter briefing, the government characterized the use of subpoenas to obtain cell phone location information as consistent with standard investigative practice and settled Fourth Amendment precedent on business records.42 They argued that because cell phone use is a voluntary activity that produces information collected in records controlled by the phone service provider, the third party doctrine should bar Carpenter’s claim that a warrant was required.43 Other courts had reached the same conclusion on the issue, although at points judges had expressed concerns about the doctrine’s application to cell phone location data.44

These arguments failed to persuade Carpenter’s majority, which refused to apply the third party doctrine to cell phone location information.45 The Court rejected the idea that the detailed data generated about cell phone users’ movements disclosed through such records is either “volunteered” or “shared” with the service provider collecting it. First, the Court believed that it was erroneous to characterize cell phone use as a “voluntary” activity because of how commonplace and even necessary such devices have become to our modern existence. In the Court’s view, having a cell phone is, rather than a matter of choice, “‘such a pervasive and insistent part of daily life’ that carrying one is indispensable to participation in modern society.”46

Second, the Court did not see cell phone users as having actually “chosen” to share data about their location at any given time with their providers.47 Realistically, the Court saw users as having no real choice in how their providers generate or maintain such information: 

[A] cell phone logs a cell-site record by dint of its operation, without any affirmative act on the part of the user beyond powering up. Virtually any activity on the phone generates CSLI, including incoming calls, texts, or e-mails and countless other data connections that a phone automatically makes when checking for news, weather, or social media updates. Apart from disconnecting the phone from the network, there is no way to avoid leaving behind a trail of location data. As a result, in no meaningful sense does the user voluntarily assume the risk of turning over a comprehensive dossier of his physical movements.48

What Has Carpenter Changed? 

How has the law governing the government’s use of third-party data for surveillance purposes changed because of the Carpenter decision? The decision’s immediate result is to make it harder for the government to get access to the historical records of cell phone users’ movements available through cell phone location technology. In holding for the defendant, the Carpenter Court essentially concluded that it threatens Fourth Amendment rights to allow the government to use cell phone company location data to re-trace a person’s movements for extended periods of time without the judicial supervision provided by the warrant requirement.49 The Court also made clear that its concern for protecting cell phone users’ privacy applies “[w]hether the Government employs its own surveillance technology . . . or leverages the technology of a wireless carrier.”50 In other words, at least with regard to cell phone location data, the Court has concluded that the government’s use of such data, even though it is generated by a private company, provides a powerful tool for observing the behavior of citizens the government suspects of criminal activity—a weapon that they have decided is too effective to be employed by prosecutors without the kind of judicial oversight required under the Fourth Amendment. 

As time goes on, courts will in all probability be asked to consider whether Carpenter’s reasoning is broad enough to support defendants who challenge the government’s right to access information other than location data without a warrant. Concerns about the threat to personal privacy posed by government access to the mass of data maintained by private companies on users of communications technologies predates the Carpenter decision. For example, citing concerns about potential abuse of such information, Justice Sotomayor suggested in her Jones concurrence that “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.”51 Indeed, commentators have argued for some time that unfettered or inadequately regulated government access to the products of corporate monitoring of Internet usage by the general population presents challenges to individual privacy rights that are inadequately addressed under current Fourth Amendment law, and that the third-party doctrine in particular is out-of-sync with the demands on personal privacy made by modern technology.52

Similar concerns were expressed by Justice Gorsuch in his Carpenter dissent, where he questioned the wisdom of continuing to apply the third-party doctrine in our current data environment. Arguing that the Court has “never offered a persuasive justification” for the third-party rule, Justice Gorsuch characterized the doctrine as “[a] doubtful application of Katz that lets the government search almost whatever it wants whenever it wants. The Sixth Circuit had to follow that rule and faithfully did just that, but it’s not clear why we should.”53 Justice Gorsuch ultimately dissented from the majority opinion in Carpenter because he disagreed with the majority’s approach to Fourth Amendment analysis, which he believes was fatally flawed because of its reliance on the Katz standard.54 But the Justice’s concerns about the ultimate viability of the third-party standard—which, as noted above, arise in part from his dissatisfaction with Katz as a rule of decision—could not be clearer.55

The importance of these questions from both a privacy and law enforcement perspective probably explains why the Carpenter Court emphasized that its decision should be seen as “a narrow one.”56 The Court deliberately limited its opinion to the specific question—and the specific technology—at issue in the case. The opinion makes clear that it should not be read as expressing “a view on matters not before [the Court].”57 There is nothing in the opinion to suggest that the Court was concerned in Carpenter with government access to any information collected other than cell phone location data. The Court expressly refused to overrule Smith and Miller, or to question other types of surveillance techniques or tools, or other kinds of business records “that might incidentally reveal location information.”58 The Court also made clear that its rulings were not meant to eradicate or alter existing exceptions to the warrant requirement in cases where exigent circumstances suggest the need for rapid government action.59 Overall, the majority cautioned that the courts have the obligation to “tread carefully” in cases involving technologies the Court would characterize as novel.60 All of these caveats suggest that broader readings of Carpenter’s holding would be, at the very least, premature. 

Still, the fact that a majority of the Court held in Carpenter that cell phone users have a constitutionally protected privacy interest in records of information about their activities collected and maintained by their service providers is a significant legal development from a privacy perspective. It is certainly true that the majority’s opinion can be read to suggest that the Court is not yet inclined to make broad pronouncements about the Fourth Amendment’s application in situations where the government seeks access to the massive amounts of data collected about the habits of those who use the Internet and other mass communications technologies. However, based on its decisions in Carpenter, Riley, Jones and other cases, the Court does appear willing to review Fourth Amendment objections to allowing the government warrantless access to information about users generated by particular technologies, once potential privacy problems related to the use of such technologies have been identified and have had the opportunity to be defined appropriately through lower court review. This manner of proceeding may not be fast enough for some, or comprehensive enough for others, but it appears to be the path with which a majority of the Justices, at least for now, is most comfortable. 

If this view is correct, then it would be fair to conclude that challenges to warrantless retrievals of data collected by other technologies, particularly technologies that provide information about the daily physical movements of individuals, are sure to follow Carpenter. How the Court will respond to these challenges remains to be seen. 

Footnotes 

1) 138 S. Ct. 2206 (2018).
2) Compare Paul Ohm, The Broad Reach of Carpenter v. United States, JUST SECURITY (June 27, 2018), https://www.justsecurity.org/58520/broad-reach-carpenter-v-united-states/ (“From now on, we’ll be talking about what the Fourth Amendment means in pre-Carpenter and post-Carpenter terms. It will be seen as being as important as Olmstead and Katz in the overall arc of technological privacy.”), with Daniel Solove, Carpenter v. United States, Cell Phone Location Records, and the Third Party Doctrine, TEACHPRIVACY: PRIVACY + SECURITY BLOG (July 1, 2018), https://teachprivacy.com/carpenter-v-united-states-cell-phone-location-records-and-the-third party-doctrine/ (“The Supreme Court should have overruled the Third Party Doctrine or at least carved out a greater chunk of it.”).
3) Carpenter, 138 S. Ct. at 2212.
4) Id.
5) 18 U.S.C. § 2703(d).
6) Carpenter, 138 S. Ct. at 2212.
7) Id.
8) Id.
9) Id.
10) Id. at 2213.
11) Id.
12) Id. at 2212.
13) Id. at 2212-13.
14) Id. at 2213
15) United States v. Carpenter, 819 F.3d 880, 884, 887-90 (6th Cir. 2016), rev’d and remanded, 138 S. Ct. 2206 (2018).
16) Carpenter, 138 S. Ct. at 2217, 2222.
17) 389 U.S. 347 (1967).
18) Carpenter, 138 S. Ct. at 2213.
19) Id. at 2217 (citing United States v. Jones, 565 U.S. 400, 415, 430 (2012)). 20) Id. at 2214 (internal quotation marks and citation omitted).
21) Id. (internal quotation marks and citation omitted).
22) Id. at 2216.
23) Id. at 2223.
24) Id. at 2216-17.
25) Id. at 2218.
26) Id. at 2217 (quoting, inter alia, United States v. Jones, 565 U.S. 400, 415 (2012) (Sotomayor, J., concurring)).
27) Id. at 2219.
28) Id.
29) Id. at 2218
30) Id; see also Brief for the United States at 24-28, Carpenter v. United States, 138 S. Ct. 2206 (2018) (No. 16 402) [hereinafter “Brief for the United States in Carpenter”].
31) 134 S. Ct. 2473 (2014).
32) Id. at 2490.
33) Carpenter, 138 S. Ct. at 2218.
34) Id. at 2219.
35) Id. at 2223 (quoting United States v. Di Re, 332 U.S. 581, 595 (1948)). 36) See Smith v. Maryland, 442 U.S. 735 (1979) (government’s use of a pen register was not a “search” within the meaning of the Fourth Amendment); see also United States v. Miller, 425 U.S. 435 (1976) (no legitimate expectation of privacy in contents of checks and deposit slips as they are intended for use for commercial exchanges and the user knows they will be seen by banks and other institutions in the course of their use).
37) Carpenter, 138 S. Ct. at 2219.
38) 425 U.S. 435.
39) See id. at 443 (“The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the Government.”).
40) Id. at 440-45.
41) Carpenter, 138 S. Ct. at 2228-29 (Kennedy, J., dissenting).
42) Brief for the United States in Carpenter, supra note 30, at 34.
43) Id. at 18-21; see also Carpenter, 138 S. Ct. at 2219-20. Justice Kennedy agreed with the government’s position on the doctrine in his Carpenter dissent, concluding that under Smith and Miller no “search” within the meaning of the Fourth Amendment occurred. Carpenter, 138 S. Ct. at 2226-29 (Kennedy, J., dissenting).
44) See, e.g., United States v. Graham, 824 F.3d 421, 438 (4th Cir. 2016) (adhering to rule but noting that “[a] per se rule that it is unreasonable to expect privacy in information voluntarily disclosed to third parties seems unmoored from current understandings of privacy”).
45) Carpenter, 138 S. Ct. at 2220.
46) Id. (quoting Riley v. California, 134 S. Ct. 2473, 2484 (2014)). Again, the Chief Justice’s description of the realities of cell phone usage in Carpenter appears to have been informed to some degree by conclusions he reached about how the devices were used in Riley. See Riley, 134 S. Ct. at 2490 (“[T]here is an element of pervasiveness that characterizes cell phones but not physical records. Prior to the digital age, people did not typically carry a cache of sensitive personal information with them as they went about their day. Now it is the person who is not carrying a cell phone, with all that it contains, who is the exception.”).
47) Carpenter, 138 S. Ct. at 2220.
48) Id. (quotation marks and citation omitted).
49) Id. at 2222-23. The Court expressly declined to decide whether the warrant requirement would apply when the government seeks access to cell site location data for something less than what the Court would view as an extended period of surveillance. See id. at 2217 n.3 (“[W]e need not decide whether there is a limited period for which the Government may obtain an individual's historical CSLI free from Fourth Amendment scrutiny, and if so, how long that period might be. It is sufficient for our purposes today to hold that accessing seven days of CSLI constitutes a Fourth Amendment search.”).
50) Id. at 2217.
51) United States v. Jones, 565 U.S. 400, 417 (2012) (Sotomayor, J., concurring).
52) See, e.g., Daniel Solove, 10 Reasons Why the Fourth Amendment Third Party Doctrine Should Be Overruled in Carpenter v. US, TEACHPRIVACY: PRIVACY + SECURITY BLOG (Nov. 28, 2017), https://teachprivacy.com/carpenter-v-us-10-reasons-fourth-amendment-third-party-doctrine-overruled/; Matthew Tokson, Automation and the Fourth Amendment, 96 IOWA L. REV. 581 (2011); Stephen E. Henderson, The Timely Demise of the Fourth Amendment Third Party Doctrine, 96 IOWA L. REV. BULL. 39 (2010-2011).
53) Carpenter, 138 S. Ct. at 2263-64 (Gorsuch, J., dissenting).
54) Id. at 2265-68.
55) See id. at 2264 (“[Overruling Smith and Miller] only risks returning us to its source: After all, it was Katz that produced Smith and Miller in the first place.”).
56) Id. at 2220 (majority opinion).
57) Id.
58) Id.
59) Id. at 2222-23.
60) Id. at 2220.

Subscribe to Dechert Updates