Hey, FBI. Wanna track someone by cellphone? Get a proper warrant, says US appeals court

A US appeals court says data revealing the whereabouts of you and your phone is protected under the Fourth Amendment – meaning it is protected from unreasonable searches by the cops and Feds.

As a result, the police will have to get a warrant to access citizens' cellphone location records, and will have to prove there is "probable cause" to do so. Right now, the authorities just need to argue there is "reasonable suspicion" in order to receive a court order to demand the data from telcos.

Probable cause demands a stronger standard of evidence than reasonable suspicion, meaning the cops and Feds must have something more than a hunch before demanding cellphone location data.

The appeals court decision – made today at the Fourth Circuit Court of Appeals in Virginia – is a significant one. It reflects a similar ruling by the Fifth Circuit in 2013. However, it goes against a decision on the same issue by the Eleventh Circuit, lining the issue up to head to the Supreme Court.

In this particular case, heard in Baltimore, two armed robbers, Aaron Graham and Eric Jordan, argued that the evidence used to convict them of a series of crimes – namely evidence that they were very close to a series of robberies over the course of six months – should not be allowed into evidence because it violated their Fourth Amendment rights.

That argument was rejected by a district court and then appealed. The appeals court decision, released Wednesday, found in the defendants' favor. But it then allowed for the evidence to be included anyway "because the government relied in good faith on court orders."

In other words: thanks for bringing this constitutional matter to our attention, but you're still going to jail for the rest of your life.

Could find a nicer set of armed robbers

Graham and Jordan were caught close to the scene of their most recent armed robbery in February 2011. They were asked for their cellphone numbers, which they gave and which matched the phones in the car they were traveling in.

Police then got a court order to get location data on the two from their cell phone company Sprint/Nextel for specific days where similar armed robberies had taken place back to six months earlier. When they compared the data, they found that both men had been very close to a number of the robberies, and they used that information to convict them.

The issue is over whether such a search, authorized only through "reasonable suspicion," infringes on people's privacy rights and so serves as an unreasonable search.

In the past five years, there have been a number of cases addressing the exact same issue in courts across the United States, and so the arguments have been fairly well hashed out.

Broadly, the argument is over whether the location data belongs to the user or to the cellphone company. In the days before mobile phones existed, the Supreme Court decided that picking up your landline and dialing a number was effectively giving that information openly to a third party, and so the Fourth Amendment did not apply. As such, a court order was sufficient for a company to hand it over.

However, cell phones now constantly ping your location while you are walking around without you having to actively do anything, providing users (i.e., everyone in the country) with a reasonable expectation that this is private information. The information may be stored by the cellphone company but it should be protected appropriately – and that means the need to get a warrant rather than a court order.

As mentioned, courts have fallen down on both sides of this argument (it probably doesn't help that in most of the cases, the defendants have been repeat violent offenders looking to escape justice for crimes they have almost certainly committed).

The Fourth Circuit is only too aware of the import of its decision and the current limbo in which the law stands, with the majority decision adding in a peculiar footnote to its core decision that would appear to undermine its own case.

The judgment reads:

Examination of a person’s historical CSLI can enable the government to trace the movements of the cell phone and its user across public and private spaces and thereby discover the private activities and personal habits of the user. Cell phone users have an objectively reasonable expectation of privacy in this information. Its inspection by the government, therefore, requires a warrant, unless an established exception to the warrant requirement applies.

The paragraph ends with a link to the footnote which references the Eleventh Circuit decision against the Fourth Amendment argument (the Sixth Circuit also ruled against privacy rights in cellphone location data). It reads:

The en banc Eleventh Circuit recently held that, assuming government acquisition of CSLI through use of a § 2703(d) order is a Fourth Amendment search, such a search would be reasonable under the Fourth Amendment and not require a warrant... Section 2703(d) orders, as previously noted, do not require a showing of probable cause and do not fit within any of the “well delineated exceptions” to the general rule that a search requires a warrant based on probable cause... We decline here to create a new exception to a rule so well established in the context of criminal investigations.

This duality of decisions is also referenced in a dissenting opinion by Judge Diana Motz in which she argues that the "third party doctrine" still applies, i.e., because the user "voluntarily" gives their location data to their cellphone provider, it is no longer protected. (The majority argues in response that "studies have shown that users of electronic communications services often do not read or understand their providers' privacy policies.")

But Motz recognizes that this is something that is going to end up in the Supreme Court and that they will probably find that it is a violation of the Fourth Amendment, but there would need to be an explicit change in how the third-party doctrine is reviewed. She wrote:

Ultimately, of course, the Supreme Court may decide to revisit the third-party doctrine. Justice Sotomayor has suggested that the doctrine is “ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”... Time may show that my colleagues have struck the proper balance between technology and privacy. But if the majority is proven right, it will only be because the Supreme Court revises its decades-old understanding of how the Fourth Amendment treats information voluntarily disclosed to third parties. Today the majority endeavors to beat the Supreme Court to the punch.

So, in summary: your cell location data records are now more strongly protected in one part of the United States than they were yesterday. But we'll have to wait until the Supreme Court decides for the law to be applied the same across the country. ®