David LaBahn is president and CEO of the Association of Prosecuting Attorneys. As people have become more reliant on cellular devices, so too has law enforcement become more reliant on using the information contained on, or generated by, these devices to investigate crime. Increasingly, routine law-enforcement practice has been to request incidental-transmittal-cellphone data from cell-service […]
David LaBahn is president and CEO of the Association of Prosecuting Attorneys.
As people have become more reliant on cellular devices, so too has law enforcement become more reliant on using the information contained on, or generated by, these devices to investigate crime. Increasingly, routine law-enforcement practice has been to request incidental-transmittal-cellphone data from cell-service providers. The Washington Post recently reported that requests under 18 U.S.C. § 2703(d) have increased dramatically since 2014 in the District of Columbia alone. AT&T received over 75,000 requests from law enforcement between 2015 and 2016. Inevitably, the collection of such data by law enforcement has led to the introduction of the data as evidence in criminal trials.
In Carpenter v. United States, the government used historic cellphone-location-site information (CLSI), obtained pursuant to a Section 2703(d) order, for a period of 127 days to place the defendant, Timothy Carpenter, within a half-mile to two-mile area near the scene of the multiple robberies for which he was charged and later convicted. Carpenter filed an appeal claiming that the collection of his call location under Section 2703(d) violated his Fourth Amendment protection against unreasonable searches. His appeal was denied by the U.S. Court of Appeals for the 6th Circuit, and the Supreme Court agreed to review his case.
The U.S. Courts of Appeals for the 4th, 5th, 6th and 11th Circuits have each held that there is no right to privacy in cellphone data held by a carrier; the U.S. Court of Appeals for the 3rd Circuit has held that a federal magistrate has the option to require a warrant. The 4th, 5th, 6th and 11th Circuits have largely, and correctly, analyzed the application of the third-party doctrine. The third-party doctrine articulated in United States v. Miller states that a person enjoys no Fourth Amendment protection in information voluntarily conveyed to a third-party service provider and its employees in the ordinary course of business. In Smith v. Maryland, the Supreme Court recognized that people do not have a reasonable expectation of privacy in phone numbers dialed and records kept by a third-party phone company because phone numbers are information that is voluntarily conveyed to a phone company.
Carpenter relies on Riley v. California and United States v. Jones to limit the third-party doctrine’s application to CLSI. In Riley, there was no question that the officers were conducting a search of the contents of a phone. The question before the Supreme Court was whether the search of the phone and its contents fell within the search-incident-to-arrest exception to the warrant requirement. The court did not address the collection of aggregate data such as CLSI. Although Jones did concern the collection of location data, the majority opinion turned on the trespassory nature of the search, not the collection of the data itself.
The Riley court analyzed the government’s interests in searching the contents of a phone under the search-incident-to-arrest exception, which is intended to protect officer safety or to prevent evidence from being destroyed. The court found that those interests were, at best, minimally served by searching the contents of a phone. But a Section 2703(d) order seeks to obtain records of incidental transmission data rather than the contents of communications or other stored data on a phone. The court held in Ex parte Jackson that the outward weight and appearance of mailings – including the addresses and identity of both sender and recipient – were not private. The court similarly distinguished between the contents of a communication and incidental transmittal data in Smith. The U.S. Courts of Appeals for the 3rd, 9th and 10th Circuits have rejected the idea that the Fourth Amendment warrant requirement applies to non-content-transmittal data such as email addresses or IP addresses.
A phone company keeps records of cell communications, including CLSI, for the purposes of billing and to promote administrative and operational efficiency. Records include the time, date, phone numbers and CLSI information associated with the caller. These records are made and kept by the company in the company’s discretion and they are not subject to customer, or governmental, control. The phone company determines how long to keep the records before destroying or erasing them. The privacy right in such information differs substantially from the privacy right in the often deeply personal information contained in communications made or in the data on the phone itself. The location data is typically only collected when a call is placed or received and does not track real-time locations, usually only placing the caller within a general area in the past.
Opponents of the third-party doctrine’s applicability to cellphone transmittal data argue that cell-phone users do not voluntarily convey the transmittal data. This argument has gained some traction in the 3rd Circuit. In In re United States for an Order Directing Provider of Elec. Commun. Serv. to Disclose Records to the Gov’t, the court of appeals stated: “A cell phone customer has not ‘voluntarily’ shared his location information with a cellular provider in any meaningful way. … [I]t is unlikely that cell phone customers are aware that their cell phone providers collect and store historical location information.” However, the 5th Circuit stated in In re Application of the United States for Historical Cell Site Data, “[c]ell phone users, therefore, understand that their service providers record their location information when they use their phones at least to the same extent that the landline users in Smith understood that the phone company recorded the numbers they dialed.” The 11th Circuit in United States. v. Davis added, “Users are aware that cell phones do not work when they are outside the range of the provider company’s cell tower network.” And the 4th Circuit observed in United States v. Graham, “[w]hen an individual purchases a cell phone and chooses a service provider, he expects the provider will, at a minimum, route outgoing and incoming calls and text messages. As most cellphone users know all too well, proximity to a cell tower is necessary to complete these tasks. Anyone who has stepped outside to ‘get a signal,’ or has warned a caller of a potential loss of service before entering an elevator, understands, on some level, that location matters.” Furthermore, each subscriber agreement states that the phone company will collect data on the user. For example, AT&T, Verizon and Sprint all have clear and explicit terms in their respective privacy policies notifying customers that the company collects data, including location data, and will share it to comply with lawful requests from public agencies.
Critics of the third-party doctrine also point to the pervasiveness of the cellphone as a reason to exempt the device, and its transmittal data, from the reach of the doctrine. Judge Robin Rosenbaum of the 11th Circuit wrote in United States v. Davis, “[i]n our time, unless a person is willing to live ‘off the grid,’ it is nearly impossible to avoid disclosing the most personal of information to third-party service providers on a constant basis, just to navigate daily life.” In his dissent in Miller, Justice William Brennan observed that “the disclosure by individuals or business firms of their financial affairs to a bank is not entirely volitional, since it is impossible to participate in the economic life of contemporary society without maintaining a bank account.” Similarly, Justice Thurgood Marshall, dissenting in Smith, maintained that “unless a person is prepared to forgo use of what for many has become a personal or professional necessity he cannot help but accept the risk of surveillance.” Despite these privacy concerns, the majority ruled in Smith that any reasonable expectation of privacy was negated by the customer’s voluntary use of the third-party services.
Of course, the collection of CLSI has privacy implications, and is largely unpopular with the average citizen, but concerns about Orwellian “dragnet-type law enforcement practices” ignore the statutory limits on the reach of a Section 2703(d) order. Congress required that an independent magistrate review each request for a Section 2703(d) order, subjecting the request to more scrutiny than that brought to bear on a mere subpoena. Under 18 U.S.C. 2703(d), the law-enforcement agency is required to show “specific and articulable facts” that show “reasonable grounds” that the data sought are “relevant and material to an ongoing criminal investigation,” a standard that is akin to reasonable suspicion.
The Supreme Court should maintain the distinction outlined in Smith and Miller between the contents of communications and the incidental transmittal data voluntarily relinquished to and held by a third-party service provider. The rationale underlying the third-party doctrine still has great force today, and the court should not undermine or erode that established precedent with a CLSI carve-out. Societal concerns about the private nature of CLSI are better addressed by Congress, which has the expertise to account for fast-paced and unforeseen technological advances. After Miller was decided by the Supreme Court, Congress passed the Right to Financial Privacy Act, which allows banks and financial institutions to challenge a subpoena and narrows the scope of agency inquiry. Similarly, the requirements set forth in Section 2703(d) were imposed in direct response to the Smith pen-register case.
As Justice Anthony Kennedy cautioned in City of Ontario v. Quon, “[t]he judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear,” and “[p]rudence counsels caution before the facts in the instant case are used to establish far-reaching” Fourth Amendment implications. The Supreme Court should continue to exercise caution in Carpenter when precedent clearly establishes the proper legal analysis. Law-enforcement use of cellular data does indeed pose a question, but that question is not new. The court has “never equated police efficiency with unconstitutionality,” and it should continue to decline to do so.
Gabriel Garcia, an intern at the APA and an LLM candidate at American University Washington College of Law, contributed to this piece.