Digital Forensics, Mobile Technology, Technology
Supreme Court Ruling of June 22, 2018 – Carpenter v. United States
Written By
In 2011, a group of individuals committed an armed robbery at several Radio Shacks in Detroit – and the FBI’s main suspect was a man named Timothy Carpenter. Utilizing data that was provided by Carpenter’s cellphone service provider, Carpenter was linked to the scene of the crime and convicted of armed robbery. At the heart of the case, which ultimately landed in the Supreme Court, was the fact that the FBI’s request for Carpenter’s cell phone location data from the phone service provider was granted under the Stored Communications Act.
That location data, called Cell Site Location Information (CSLI), is collected from cell phone towers as the phone makes calls. CSLI can be used to approximate the location of the phone – and can be even more precise with CSLI from multiple towers. This technique is called 'triangulation', which can track the phone within five to ten feet.[1] This data, collected when Carpenter made or received calls, linked him to the scene of the crime — thus providing the most compelling evidence for his guilt. Carpenter appealed his sentence, arguing that it was unconstitutional for the government to track his location through his cell phone under the Fourth Amendment. The Fourth Amendment protects citizens and their property from ‘unreasonable searches and seizures’ not supported by a warrant.[2]
The United States government, however, argued that they didn't need a warrant to access location data from cellular service providers. The Sixth Court of Appeals agreed with the government, determining that the Fourth Amendment did not apply to cell phone tracking: first, because Carpenter had no privacy rights on his cellular location data, and second, because the data did not reveal the contents of his phone calls. Carpenter then filed a petition with the Supreme Court after his appeal was denied. The justices of the Supreme Court answered the question of whether the police should have obtained a search warrant for the location data of Carpenter's phone. Search warrants are more difficult to obtain because they require probable cause, showing that the police believed that Carpenter's data contained evidence of a crime. Instead, the FBI used a subpoena under the Stored Communications Act, which is significantly easier.
The Supreme Court decided on June 22, 2018, that the government should have obtained a search warrant for cellphone location data collected by wireless providers. This ruling represents a major victory for privacy rights, as the Court has now recognized that the data collected by cell phone should be protected under the Fourth Amendment. The issue lies in the fact that location data collected by a cell phone that goes everywhere with its owner can reveal a significant amount of the user’s daily life. This extreme accuracy of location data can quickly paint a comprehensive picture of the owner's activities. The Supreme Court cited earlier case United States v. Maynard, which perhaps best summed up the effect that this knowledge can have: "a person who knows all of another’s travels can deduce whether he is a weekly churchgoer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups—and not just one such fact about a person, but all such facts".[3]
However, there are many ways to bypass the Carpenter ruling. A suspect’s location is not just revealed by CSLI. For example, law enforcement can access records from credit card transactions, which makes it just as easy to discern the card owner’s location; additionally, surveillance cameras are ubiquitous, potentially providing actual images of a subject in a certain location. And if law enforcement insists on collecting cell phone location data, in some situations, a warrant is not necessary. Under the PATRIOT Act of 2001, government authorities can request information pertaining to national security investigations from the relevant entities without judicial approval or a warrant, using National Security Letters (NSLs). While these NSL subpoenas are not a warrant, and only useful in certain situations, they can allow law enforcement to access data and information from cell phone providers without judicial oversight.
The ruling of Carpenter v. United States regulates government surveillance behavior and only applies to public actions. Cell phone companies can still sell customers’ data to other corporations, just not to the government. However, the question remains of whether the private sphere of information sharing will be regulated by the United States government – the government may not usually be able to access your information without a warrant, but that doesn't mean other companies and individuals won't. For example, experienced digital forensics professionals have the power to collect and reveal CSLI, when they are in possession of the cell phone in question and can access its data. So, can any of our data remain private? As of now, Congress is the power with the most authority to regulate this field – will they choose to protect American citizens further from exploitative sales of cellular data or will they ignore it?
[1] https://www.law.berkeley.edu/wp-content/uploads/2015/04/2016-06-07_Cell-Tracking-Primer_Final.pdf
[2] https://www.law.cornell.edu/constitution/fourth_amendment
[3] United States v. Maynard, 615 F.3d 544 (D.C. Cir. 2010)