On Tuesday afternoon the United States Court of Appeals for the Fourth Circuit released a ruling that's likely to hit privacy advocates pretty hard. It declared that authorities don't need a warrant to collect cellphone location data, and that such data isn't protected by the Fourth Amendment.
The decision in United States v. Graham was decided 12-3 in the government's favor by a panel of Fourth Circuit judges. The question at hand is whether the government's use of "cell-site location information" (CLSI) obtained without a warrant was constitutional; in this case, the information was used to convict two defendants, Aaron Graham and Eric Jordan, in a series of armed robberies committed in 2011.
This isn't the first time the Fourth Circuit has heard this particular case. In August 2015 a three-judge panel of the court decided 2-1 that the use of cell-site information did infringe on Fourth Amendment rights, and that the government would need to get a warrant based on probable cause going forward. At that point, though, the majority said while the location collection was unconstitutional, the conviction was okay because the feds were acting on a "good faith" reading of the Stored Communications Act.
Nonetheless, the court's judges decided to rehear the case en-banc when it came the Fourth Amendment issue, and here we are with a new decision. Judge Diana Gribbon Motz, who was the lone dissenting vote on last year's three-judge panel, wrote the majority opinion. The gist of the decision is that the Fourth Amendment wasn't violated because the data had already been turned over to a third party: the cell service providers that Graham and Jordan paid for their phone plans. I'll let Judge Gribbon Motz explain:
Supreme Court precedent mandates this conclusion. For the Court has long held that an individual enjoys no Fourth Amendment protection “in information he voluntarily turns over to [a] third part[y].” Smith v. Maryland, 442 U.S. 735, 743-44 (1979). This rule — the third-party doctrine — applies even when “the information is revealed” to a third party, as it assertedly was here, “on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.”
For now where things go with U.S. v. Graham is very much up in the air. As The Wall Street Journal points out, this is one of several cases where a circuit court has sided with the government on third-party doctrine. Meghan Skelton, the lawyer representing Graham and Jordan, told the Journal that she plans to appeal to the Supreme Court. Reuters notes, rightly, that the Supreme Court decided not to hear a similar case last year, but the bubbling up of more cases may lead them to weigh in on the matter.
But there's good reason to be concerned, because this decision feels a little bit like the judicial equivalent of going ¯\_(ツ)_/¯ when it comes to cell phone location data. After all, we are all carrying phones around all the time that are constantly tracking our locations, unless they're turned off or in airplane mode. This decision implies that the government could track all of our movements without needing a judge to sign off.
But Gribbon Motz sounds okay with this. Here's how she describes what the government did:
"[T]he Government did not surreptitiously view, listen to, record, or in any other way engage in direct surveillance of Defendants to obtain this information" she writes. "Rather, as the Sprint/Nextel custodian of the CSLI records testified at trial, CSLI is created and maintained in the normal course of Sprint/Nextel’s business."
If this sounds familiar, it's because it seems an awful lot like the argument that the NSA made around simply collecting metadata, and not the content of phone calls, made by millions of Americans. But, as former-NSA head Michael Hayden has said, "We kill people based on Metadata." And while we may not kill armed robbers based on it, we certainly put them in jail.
In all fairness to Gribbon Motz, she's not arguing that all this is right, but that it is legal when a company does the tracking and hands it over to the government.
Defendants contend that the government always invades an individual’s reasonable expectation of privacy when it employs technological devices to track an individual’s moves. Perhaps so. But that question is not before us. No government tracking is at issue here. Rather, the question before us is whether the government invades an individual’s reasonable expectation of privacy when it obtains, from a third party, the third party’s records, which permit the government to deduce location information.
But that is the entire problem! By externalizing responsibility for this sort of data collection, government agencies that are interested in surveilling citizens get to have their cake and eat it too. A vast amount of revealing data is collected (free of charge) by a private entity, and can be obtained without a warrant. It also puts a great deal of power into the hands of telecom giants like Verizon or AT&T, what sort of information they retain, and how they protect that information. Of course, these aren't companies known for their caution with user data.
The solution to this is nothing less than to rethink exactly what Gribbon Motz mentions, what Americans (and the rest of the world) believe a "reasonable expectation of privacy" is when it comes to technology. This is why privacy advocates tell people to download encrypted chat apps and turn off location tracking on their phones, but even that isn't enough; your phone has to reveal its location to surrounding cell towers to get service. As decisions like this show, a workable privacy-protecting solution won't come from the courts, and will probably take legislation. So, good luck!
Just something to mull over the next time you see a cellphone tower.
Ethan Chiel is a reporter for Fusion, writing mostly about the internet and technology. You can (and should) email him at ethan.chiel@fusion.net