Hey, FBI. Wanna track someone by cellphone? Get a proper warrant, says US appeals court

This one is going to the Supreme Court

A US appeals court says data revealing the whereabouts of you and your phone is protected under the Fourth Amendment – meaning it is protected from unreasonable searches by the cops and Feds.

As a result, the police will have to get a warrant to access citizens' cellphone location records, and will have to prove there is "probable cause" to do so. Right now, the authorities just need to argue there is "reasonable suspicion" in order to receive a court order to demand the data from telcos.

Probable cause demands a stronger standard of evidence than reasonable suspicion, meaning the cops and Feds must have something more than a hunch before demanding cellphone location data.

The appeals court decision – made today at the Fourth Circuit Court of Appeals in Virginia – is a significant one. It reflects a similar ruling by the Fifth Circuit in 2013. However, it goes against a decision on the same issue by the Eleventh Circuit, lining the issue up to head to the Supreme Court.

In this particular case, heard in Baltimore, two armed robbers, Aaron Graham and Eric Jordan, argued that the evidence used to convict them of a series of crimes – namely evidence that they were very close to a series of robberies over the course of six months – should not be allowed into evidence because it violated their Fourth Amendment rights.

That argument was rejected by a district court and then appealed. The appeals court decision, released Wednesday, found in the defendants' favor. But it then allowed for the evidence to be included anyway "because the government relied in good faith on court orders."

In other words: thanks for bringing this constitutional matter to our attention, but you're still going to jail for the rest of your life.

Could find a nicer set of armed robbers

Graham and Jordan were caught close to the scene of their most recent armed robbery in February 2011. They were asked for their cellphone numbers, which they gave and which matched the phones in the car they were traveling in.

Police then got a court order to get location data on the two from their cell phone company Sprint/Nextel for specific days where similar armed robberies had taken place back to six months earlier. When they compared the data, they found that both men had been very close to a number of the robberies, and they used that information to convict them.

The issue is over whether such a search, authorized only through "reasonable suspicion," infringes on people's privacy rights and so serves as an unreasonable search.

In the past five years, there have been a number of cases addressing the exact same issue in courts across the United States, and so the arguments have been fairly well hashed out.

Broadly, the argument is over whether the location data belongs to the user or to the cellphone company. In the days before mobile phones existed, the Supreme Court decided that picking up your landline and dialing a number was effectively giving that information openly to a third party, and so the Fourth Amendment did not apply. As such, a court order was sufficient for a company to hand it over.

However, cell phones now constantly ping your location while you are walking around without you having to actively do anything, providing users (i.e., everyone in the country) with a reasonable expectation that this is private information. The information may be stored by the cellphone company but it should be protected appropriately – and that means the need to get a warrant rather than a court order.

As mentioned, courts have fallen down on both sides of this argument (it probably doesn't help that in most of the cases, the defendants have been repeat violent offenders looking to escape justice for crimes they have almost certainly committed).

The Fourth Circuit is only too aware of the import of its decision and the current limbo in which the law stands, with the majority decision adding in a peculiar footnote to its core decision that would appear to undermine its own case.

The judgment reads:

Examination of a person’s historical CSLI can enable the government to trace the movements of the cell phone and its user across public and private spaces and thereby discover the private activities and personal habits of the user. Cell phone users have an objectively reasonable expectation of privacy in this information. Its inspection by the government, therefore, requires a warrant, unless an established exception to the warrant requirement applies.

The paragraph ends with a link to the footnote which references the Eleventh Circuit decision against the Fourth Amendment argument (the Sixth Circuit also ruled against privacy rights in cellphone location data). It reads:

The en banc Eleventh Circuit recently held that, assuming government acquisition of CSLI through use of a § 2703(d) order is a Fourth Amendment search, such a search would be reasonable under the Fourth Amendment and not require a warrant... Section 2703(d) orders, as previously noted, do not require a showing of probable cause and do not fit within any of the “well delineated exceptions” to the general rule that a search requires a warrant based on probable cause... We decline here to create a new exception to a rule so well established in the context of criminal investigations.

This duality of decisions is also referenced in a dissenting opinion by Judge Diana Motz in which she argues that the "third party doctrine" still applies, i.e., because the user "voluntarily" gives their location data to their cellphone provider, it is no longer protected. (The majority argues in response that "studies have shown that users of electronic communications services often do not read or understand their providers' privacy policies.")

But Motz recognizes that this is something that is going to end up in the Supreme Court and that they will probably find that it is a violation of the Fourth Amendment, but there would need to be an explicit change in how the third-party doctrine is reviewed. She wrote:

Ultimately, of course, the Supreme Court may decide to revisit the third-party doctrine. Justice Sotomayor has suggested that the doctrine is “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”... Time may show that my colleagues have struck the proper balance between technology and privacy. But if the majority is proven right, it will only be because the Supreme Court revises its decades-old understanding of how the Fourth Amendment treats information voluntarily disclosed to third parties. Today the majority endeavors to beat the Supreme Court to the punch.

So, in summary: your cell location data records are now more strongly protected in one part of the United States than they were yesterday. But we'll have to wait until the Supreme Court decides for the law to be applied the same across the country. ®

Similar topics

Other stories you might like

  • Drone ship carrying yet more drones launches in China
    Zhuhai Cloud will carry 50 flying and diving machines it can control with minimal human assistance

    Chinese academics have christened an ocean research vessel that has a twist: it will sail the seas with a complement of aerial and ocean-going drones and no human crew.

    The Zhu Hai Yun, or Zhuhai Cloud, launched in Guangzhou after a year of construction. The 290-foot-long mothership can hit a top speed of 18 knots (about 20 miles per hour) and will carry 50 flying, surface, and submersible drones that launch and self-recover autonomously. 

    According to this blurb from the shipbuilder behind its construction, the Cloud will also be equipped with a variety of additional observational instruments "which can be deployed in batches in the target sea area, and carry out task-oriented adaptive networking to achieve three-dimensional view of specific targets." Most of the ship is an open deck where flying drones can land and be stored. The ship is also equipped with launch and recovery equipment for its aquatic craft. 

    Continue reading
  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022