Supreme Court cell phone data

My data, your data? The US Supreme Court puzzles over the fundamental rights status of third-party personal data

Gordon DowniePosted by

In a world in which personal data is increasingly held, and indeed generated by, third parties (social media firms, financial institutions and utilities), it is becoming increasingly important to establish what our legal relationship to that third-party controlled personal data (TCPD) actually is, not only in terms of data protection legislation, but also at the level of fundamental privacy rights.

In a 5/4 split decision last month in the case of Carpenter v US, the US Supreme Court addressed the question of whether cell-site location information (CSLI) which disclosed a suspected criminal’s whereabouts was protected from discovery without a warrant under the Fourth Amendment to the US Constitution which protects, “[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures”.

Carpenter – the background

Mr Carpenter had been convicted of participation in various robberies with the assistance of evidence of his whereabouts on the day of the robberies which had been subpoenaed from mobile phone firms. The firms had handed over CSLI generated by Mr Carpenter’s mobile phone on the day in question and held by the mobile phone firms.

The Chief Justice, writing for the majority, described the nature and significance of CSLI as follows:

Each time the phone connects to a cell site, it generates a time-stamped record known as cell-site location information (CSLI). The precision of this information depends on the size of the geographic area covered by the cell site. The greater the concentration of cell sites, the smaller the coverage area. As data usage from cell phones has increased, wireless carriers have installed more cell sites to handle the traffic. That has led to increasingly compact coverage areas, especially in urban areas.

Wireless carriers collect and store CSLI for their own business purposes, including finding weak spots in their network and applying “roaming” charges when another carrier routes data through their cell sites. In addition, wireless carriers often sell aggregated location records to data brokers, without individual identifying information of the sort at issue here. While carriers have long retained CSLI for the start and end of incoming calls, in recent years phone companies have also collected location information from the transmission of text messages and routine data connections. Accordingly, modern cell phones generate increasingly vast amounts of increasingly precise CSLI”.

The ‘Katz’ and ‘Miller’ tension

In tackling the question of whether Mr Carpenter enjoyed Fourth Amendment rights over the CLSI disclosing his movements, the Court was confronted with a tension in its own prior case law.

First, the Court had already established many years ago in Katz v US that Fourth Amendment protection applies to people and not places. Thus, it is not tied to the notion of common-law trespass, i.e., the physical intrusion into a constitutionally protected area, but rather to the ‘private sphere’, or in other words to anything in respect of which a person has a ‘reasonable expectation of privacy’.

Second, however, in a series of cases the Court had also, as the Chief Justice put it, “drawn a line between what a person keeps to himself and what he shares with others”, or put another way, the Court had found that a person has no legitimate expectation of privacy in TCPD, or “information he voluntarily turns over to third parties”.

One of the leading decisions in that series was the case of US v Miller. While investigating Miller for tax evasion, the Government subpoenaed his banks, seeking several months of canceled cheques, deposit slips, and monthly statements. The Court rejected a Fourth Amendment challenge to the records collection since: Miller could assert neither ownership nor possession of the documents (they were business records of the banks); and the cheques were not confidential communications but negotiable instruments to be used in commercial transactions and the bank statements contained information exposed to bank employees in the ordinary course of business. The Court thus concluded that Miller had taken the risk, in revealing his affairs to another, that the information would be conveyed by that person to the Government.

The majority view – ‘Miller’ distinguished

The majority ruled that the CSLI relating to Mr Carpenter’s whereabouts did benefit from Fourth Amendment protection. In his opinion for the majority, the Chief Justice sought to distinguish the TCPD (i.e., records of banking transactions) in Miller from the CSLI both in terms of the revealing and indiscriminate nature of the CSLI and the ‘involuntary’ way it was collected.

As he put it:

The Government’s position fails to contend with the seismic shifts in digital technology that made possible the tracking of not only Carpenter’s location but also everyone else’s, not for a short period but for years and years.  […] There is a world of difference between the limited types of personal information addressed in […] Miller and the exhaustive chronicle of location information casually collected by wireless carriers today”.

Cell phone location information is not truly “shared” as one normally understands the term. In the first place, cell phones and the services they provide are “such a pervasive and insistent part of daily life” that carrying one is indispensable to participation in modern society”.

A glimpse into a post-‘Miller’ future?

Whilst the dissenting four Justices took differing views of the application of Miller in the present case, three of them were satisfied that the CSLI did not merit Fourth Amendment protection given that it was not owned or controlled by Mr Carpenter.

Kennedy J, who announced his retiral shortly after the case was decided, was particularly dismissive of the majority’s attempt to distinguish Miller by reference to the revealing nature of the CSLI. As he put it:

“[C]ell-site records, as already discussed, disclose a person’s location only in a general area. The records at issue here, for example, revealed Carpenter’s location within an area covering between around a dozen and several hundred city blocks. Areas of this scale might encompass bridal stores and Bass Pro Shops, gay bars and straight ones, a Methodist church and the local mosque. These records could not reveal where Carpenter lives and works, much less his “familial, political, professional, religious, and sexual associations”. […]  By contrast, financial records and telephone records do “ ‘revea[l] . . . personal affairs, opinions, habits and associations.’ […]. What persons purchase and to whom they talk might disclose how much money they make; the political and religious organizations to which they donate; whether they have visited a psychiatrist, plastic surgeon, abortion clinic, or AIDS treatment center; whether they go to gay bars or straight ones; and who are their closest friends and family members. The troves of intimate information the Government can and does obtain using financial records and telephone records dwarfs what can be gathered from cell-site records”.

By contrast, the dissenting opinion of Gorsuch J (the first of perhaps two Trump appointees to the Supreme Court) expresses deep scepticism of the Miller line of cases and opens up the possibility of not simply distinguishing but rather overruling Miller in the not too distant future and establishing a fresh Fourth Amendment approach to TCPD.

In his admirably frank opinion, Gorsuch J offers the following thought:

What’s left of the Fourth Amendment? Today we use the Internet to do most everything. Smartphones make it easy to keep a calendar, correspond with friends, make calls, conduct banking, and even watch the game. Countless Internet companies maintain records about us and, increasingly, for us. Even our most private documents— those that, in other eras, we would have locked safely in a desk drawer or destroyed—now reside on third party servers.

[…] Miller teach[es] that the police can review all of this material, on the theory that no one reasonably expects any of it will be kept private. But no one believes that, if they ever did”.

Fourth Amendment Protection

Instead, Gorsuch J calls for the application of Fourth Amendment protection to TCPD in circumstances in which, in line with familiar private law concepts, the relevant third party should be regarded as occupying a position of trust. As he puts it:

Ever hand a private document to a friend to be returned? Toss your keys to a valet at a restaurant? Ask your neighbor to look after your dog while you travel? You would not expect the friend to share the document with others; the valet to lend your car to his buddy; or the neighbor to put Fido up for adoption. Entrusting your stuff to others is a bailment”.

In light of Carpenter, TCPD – and not simply the form of TCPD captured in the form of CSLI – looks set to enjoy more generous Fourth Amendment protection than was previously thought under Miller, even if (although this now seems a distinct possibility) the Supreme Court declines to undertake a more ‘root and branch’ reappraisal of the status of the Fourth Amendment status of TCPD.

Share our insights

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.