The Stories Our Data Tell

In a recent ruling, an en banc panel of the 11th Circuit Court of Appeals (which covers Alabama, Georgia, and Florida), held that police may track an individual’s prior location, based on data transmitted from his or her cell phone, without having to show probable cause, or obtain a warrant from a judge. The court’s findings reversed a decision by a smaller panel of the 11th Circuit, which required that police demonstrate probable cause to access cell phone user location data.

In other parts of the nation, some federal courts have ruled in favor of allowing the government to obtain such data without a warrant, while other have called for a more restrictive approach to the gathering of such data. Ultimately, Congress needs to pass laws which offer clear limits on the collection of data by law enforcement authorities. More specifically, Congress should make it clear that a showing of probable cause is required in order to obtain a person’s call, text, email, or internet usage history.

United States v. Davis: Background

In United States v. Davis, a group of judges on the 11th Circuit considered the use of cell phone records in the trial of Quartavius Davis, who was convicted of carrying out seven armed robberies in the Miami area, over a two month period. Prosecutors offered a variety of evidence against Davis, including video footage from crime scenes, as well as the testimony of Davis’ conspirators, and that of eyewitnesses and victims of Davis’ crimes.

As a part of this investigation, prosecutors obtained records of cell phone calls made by Davis, during the 67 day period in which the robberies occurred. These records offered a history of both the phone number Davis called, as well as the cell phone tower which connected this call. Since a call is connected to a particular tower, based on where a mobile phone’s user is located at the time, the prosecution could use this location data, to demonstrate that Davis was present in a particular vicinity (accurate to just over 0.5 square miles), when the offenses in question occurred.

These records were obtained from Davis’ wireless provider, Metro PCS, under a court order, based on the Stored Communications Act, a federal law which provides that a government entity, either state or federal, may (quoting the Court of Appeals in Davis): “require a telephone service provider to disclose ‘a record . . . pertaining to a subscriber to or a customer of such service (not including the contents of communications)’ if “a court of competent jurisdiction finds ‘specific and articulable facts showing that there are reasonable grounds to believe’ that the records sought ‘are relevant and material to an ongoing criminal investigation.”

In other words, if a law enforcement agency has reason to believe that this information might be relevant in understanding a criminal incident, they can appear before a judge, and obtain an order requiring a telecommunications firm to turn over such evidence. That’s what the authorities did in the Davis case. Given the other evidence offered against Davis, as the 11th Circuit noted, there is essentially no debate that this standard was met.

This “reasonable grounds” standard is less strict than the “probable cause” requirement, which is applied in situations involving a search, as defined under the Fourth Amendment of the United States Constitution. In those cases, since probable cause must be demonstrated, the prosecution typically offers an affidavit from law enforcement officers, based on information obtained through their own observations, or statements of witnesses and confidential informants, setting forward specific facts (rather than just conclusions without actual evidence) which show why a search must be permitted.

Davis’ attorney argued that the information obtained from Metro PCS under the Stored Communications Act constituted a search, and so should have been subjected to the elevated standard of probable cause. This question was to be decided by the Court of Appeals.

The Majority Ruling

In deciding whether a search had occurred, the court had to decide whether Davis had an expectation of privacy in the type of information which was disclosed, and if so, whether this expectation was in fact reasonable. The court ultimately did not find in favor of such a right of privacy, since the evidence Davis sought to suppress was found to be a business record of Metro PCS. Referring to the Supreme Court case of Smith v. Maryland, where police used a pen register to obtain records of (landline) phone calls made by a criminal defendant, the majority observed that since anyone who uses a phone is voluntarily exposing his or her call history to the phone company, it was difficult to believe that the defendant had any real expectation that his call history would remain private. What’s more, even if a defendant did hold such an expectation, it was not objectively reasonable.

The court also looked to a case whose facts were quite similar to Davis, decided by the Fifth Circuit Court of Appeals in 2013. In that matter, In Re: Application of the United States For Cell Phone Data, Fifth Circuit judges considered the use of location data, gleaned from calls transmitted through cell phone towers. The Fifth Circuit had focused on who was collecting this data (telecommunications providers, as a part of their daily operations), and noted that the actual content of the communication (what was said during the phone conversation) was not being monitored. The court then turned to expectations of privacy, finding that a mobile phone user would normally be aware that his or her phone was transmitting a signal to a tower, in order to make calls. This would blunt any expectations of privacy based on calling patterns, and by extension, call-based location data.

Lastly, the Fifth Circuit panel acknowledged that there might be privacy concerns in using mobile devices to track an individual’s prior location, noting that such reservations had to be balanced against the need to combat criminal activity. However, the court felt that Congress, rather than the judiciary, was best poised to address these questions.

They noted that Congress had passed the Stored Communications Act, which was compliant with existing Supreme Court precedence, and which permitted for the collection of third-party business records in criminal investigations, without treating such records as subject to Fourth Amendment probable cause requirements. For this reason, Fifth Circuit judges stated that Congress, rather than courts, are best suited to making decisions around how to regulate such issues. The court allowed the aforementioned evidence to be entered into evidence.

The 11th Circuit in Davis applied much of the Fifth Circuit’s reasoning, as well as that of the Supreme Court in Smith, arguing that Davis, like other cell phone users, must have known that his mobile device was transmitting signals to an outside tower, in order to make calls. Thus, Davis could be said to have little subjective (or objective) expectation of privacy.

The court also distinguished Davis’ situation from that of the defendant in United States v. Jones, a 2012 Supreme Court case where the Court held that the extended use of a GPS tracking device, installed by police, without a warrant, on the vehicle of a suspected drug trafficker, was a Fourth Amendment search.

In it’s ruling, the court noted that the majority in Jones had focused on the physical act of attaching a GPS device to a defendant’s vehicle. In Davis, however, the phone records in question were created by and belonged to Metro PCS, and were obtained through use of a federal statute (the Stored Communications Act), rather than through what the court described as the sort of “physical intrusion” seen in Jones. What’s more, since location data, based on use of a mobile phone, is not precise in the sense that GPS tracking typically is, it poses a significantly smaller intrusion.

While the court noted that Davis had offered some noteworthy policy arguments in support of greater privacy protections, their belief was that Congress, rather than courts, should ultimately decide whether and how to offer greater privacy protections in this area.

The First Concurring Opinion

In a concurring opinion, Judge Wilson and Judge Jordan of the 11th Circuit expressed concerns over how the continued expansion of technology (specifically, location-based services) might lead to greater encroachments on individual privacy. In the absence of some sort of reasonable expectation of privacy (which was not found by the majority), these two judges feared, “24/7 electronic tracking (live or historical) in the years to come without an appropriate judicial order” might become commonplace.

Wilson and Jordan argued for a finding that Davis did enjoy some reasonable expectation of privacy (although a reduced level, since the records in question were held by a third party). They did agree that the government had met the requirements of the Fourth Amendment, through obtaining permission for the subpoena of Metro PCS phone records, under the Stored Communications Act.

However, Wilson and Jordan also seemed intent on strengthening privacy protections for those in Davis’ situation. While their findings led to the same ultimate result as the court’s majority (that is, Davis’ call records and cell phone tower locations should be admitted into evidence), they sought to do so in a more limited, cautious manner.

The Second Concurring Opinion

Judge Rosenbaum also offered a concurrence that argued for a more critical view of governmental incursions into individual privacy. Rosenbaum agreed that Smith was the controlling authority in this matter (and thus, Davis’ phone location records were admissible), but also argued that courts ought to take a nuanced view of individual expectations of privacy. Specifically, Rosenbaum contended that individual expectations of privacy when conducting a particular activity, should not be weakened simply because of technological changes.

To illustrate this point, Rosenbaum harkens back to early privacy concerns surrounding telephone calls. During the early 1900’s, she noted, human operators (a “third party”, just like the phone company in Davis) frequently eavesdropped on people’s conversations, while in later years, as the Supreme Court observed in Smith, it was possible for phone companies to utilize recording devices to monitor an individual’s phone calls. Yet, this did not stop the Supreme Court from issuing it’s historic ruling in Katz v. United States (1967), which held that individuals enjoy a reasonable expectation that their phone calls will remain private, which would render monitoring the content of such calls a search under the provisions of the Fourth Amendment.

Rosenbaum extends this point to argue that neither the third-party doctrine, nor changes in technology should override our historic expectations of privacy in a particular activity or type of communication. Thus, chatting with a friend by email, as opposed to by telephone or letter, should not be treated as substantively different, simply because email necessarily implicates use of the Internet. Both involve the transmission of content which we would expect to be private.

Rosenbaum also considers research in a library (by browsing through books and perhaps taking notes), as compared to conducting similar work online, or storing personal or business documents in an office, instead of in a cloud storage platform. In each instance, Rosenbaum argues, one should have a reasonable expectation of privacy, which should not be altered by the reality that a third-party service provider acts as an intermediary in those activities which are online.

Rosenbaum concludes her discussion by observing that since the location data provided by Metro PCS in Davis was rather imprecise (it tracked Davis’ location to a range of just over half a square mile, which is not very exacting in an urban area), Smith still applies. Yet, Rosenbaum, just like the Fifth Circuit in their consideration of these issues, and the majority in it’s ruling, argues for greater legislative guidance around digital monitoring. Overall, this concurrence raises serious concerns about the erosion of Fourth Amendment rights to privacy, in the face of technological change.

The Dissent

Judge Martin and Judge Pryor penned a vigorous dissent to the majority’s holding, warning of the dangers of applying the third-party doctrine too broadly. They argued that the majority’s reasoning might lead to all sorts of sensitive information about a party’s Internet activity becoming available to authorities, including an individual’s search history, email activity, and more.

First, the dissent sought to distinguish Davis from Smith. In Smith, the court noted, one must actually disclose a phone number to the phone company or operator, when making a call. This isn’t quite analogous to location data with cell phones; that is, no cell phone user takes the deliberate action of disclosing his or her location, when making a call. Thus, expectations of privacy seem to be higher in Davis than in Smith.

What’s more, the dissent cites a variety of cases which narrow the scope of the third-party doctrine. In one Supreme Court ruling, the Court held that even though letters were sent through a mail carrier (clearly a third party), senders and recipients had legitimate expectations of privacy. The same was true of hotel guests, when a hotel employee authorized a search of their room, and of course in the aforementioned Katz matter, where the Court found a reasonable expectation of privacy for calls made from a phone booth. While the dissent acknowledges that each of these cases is in some respects different from Davis, they use these cases to warn that the third party doctrine is not quite as clear-cut as the majority seems to believe.

The dissent also examines Google’s privacy policy, which allows them to collect information ranging from a user’s name, email address, credit card information and location, and engage in extensive data collection of an individual’s Internet activities. Martin and Pryor argue that by applying the majority’s reasoning (which limited expectations of privacy in information which was voluntarily provided to a third party), users would have essentially no privacy interest in such personal information. The same could be said of the social data collected by Facebook, or the commercial activities of Amazon members.

As a part of this analysis, Martin and Pryor also raise questions about what exactly is and isn’t protected content. In it’s ruling, the majority weighed against letting Davis enjoy a legitimate privacy interest in the location data transmitted by his mobile phone, and took pains to distinguish this type of information from direct monitoring of the text of one’s email, arguing that the latter was “content” while cell phone location data was “non content” evidence.

Yet, in assessing this argument, the dissent notes that there is no clear definition of precisely what does and does not comprise protected content. Is a person’s Google search history content or non-content information? Also, while the text of an email might constitute privileged content or information, isn’t it quite possible that the time an email was sent, as well as it’s recipient, might be discoverable, and thus of considerable evidentiary value? The dissent views content as a matter that is difficult to define precisely.

The dissent next argues that Davis in fact had a reasonable expectation that his mobile location data would stay private. Citing to Jones, Marin and Pryor note that a variety of personal information can be revealed from long-term monitoring of a person, and the same is true of cell phone call tracking in Davis, where the defendant’s call history offers a close look at his or her movements, communication patterns, and personal habits. With the shift from calling to texting and messaging, and more frequent communication between mobile devices and carrier networks, this has become even more of a concern.

Lastly, the dissent notes that by applying the probable cause standard, which governs searches under the Fourth Amendment, it would have still been quite simple to obtain Davis’ location data from Metro PCS. This standard, the dissent notes, is not exceptionally high, but it plays an important role in protecting constitutional rights. Given the nature of the information revealed in Davis, and the threats to privacy which loom large in the digital age, the court warns against an overly lax view of standards of privacy.

What Congress Needs To Do

Both the Fifth Circuit holding in In Re:, as well as the majority in Davis, argued that Congress needs to play a more prominent role in deciding what sorts of laws ought to govern the privacy questions raised in these cases. After all, Congress passed the Stored Communications Act, which was originally invoked to obtain Davis’ phone-based location records. Why not have Congress offer further guidance as to how to proceed on the electronic privacy issues of today?

Congress can accomplish this by declaring the collection of any and all metadata, as well as textual, visual, video or other electronic content, obtained from a person’s mobile, tablet, computer or other Web-accessible computing device, or through digital communications in general, as a search under the provisions of the Fourth Amendment. Such a categorization will require authorities to make a showing of probable cause before a judge, in order to obtain authorization to access such data.

Metadata must be broadly defined, to cover both the sort of location data stored by Metro PCS in Davis, as well as other information which authorities might seek access to in the future, includes patterns of texting, messaging, emailing, and searching online. Content needs to be understood in a similarly expansive manner, as including, for example, words, videos, and images in a text message, as well as Google and YouTube search queries.

The dissent in Davis correctly noted that there is still considerable ambiguity around the precise meaning of content vs. non-content data. In addition, the privacy policies of firms like Google, which requires users to provide access to a variety of highly personal information, could lead to governmental access to massive amounts of highly private information, under the third party doctrine.

These sorts of gaps in our current privacy framework, which often involve collecting data from third-party businesses, which make use of one’s data as part of user agreements, must be closed. There is no better way to accomplish this goal, than through the development of explicit, well-defined legislative standards around privacy of such data.

In drafting such legislation, Congress’ primary objective must be to protect individual electronic and digital communications patterns, by heightening the burden which the state must meet, in order to gain access to this type of information. Congress ought to be mindful of the concerns raised by Judge Rosenbaum in her concurrence.

Rosenbaum had warned against allowing technological change, specifically, the growing shift of many aspects of our lives online, to erode our longstanding view of whether our communications and personal activities ought to enjoy some degree of privacy. That fact that we now conduct so many of our daily activities and communications through digital means (which was not the case just 15 to 20 years ago), should not lead to unrestrained monitoring by law enforcement and intelligence organizations.

Congressional action here will clearly fall within the scope of recent efforts to better define what sort of governmental monitoring and data collection ought to be permitted. Earlier this year, following a protracted Senate battle, which led to a brief lapse of the USA Patriot Act, Congress passed the USA Freedom Act, which restricted the bulk collection of certain metadata by the NSA, as exposed by former NSA and CIA contractor Edward Snowden in 2013. This act also brought greater transparency and fairness to the secret FISA court process, which oversees requests for expanded surveillance.

What is particularly notable about this legislation is that it drew bipartisan support, with some prominent Republican senators, most notably Mike Lee and Rand Paul, vocally advocating in favor of reform, alongside their Democratic colleagues. They faced concerted opposition from Senate Majority Leader Mitch McConnell and some other Republicans, who were concerned that such reforms might weaken anti-terrorism and intelligence efforts.

The passage of the USA Freedom Act, along with growing public wariness towards government surveillance programs, suggests that Americans are growing increasingly doubtful of the need for a sprawling national security state. The initial fear and terror which followed 9/11, seems to be finally giving way to a more reasoned understanding of the balance between fighting terrorism and safeguarding our liberties. Thus, for the first time in nearly 15 years, it seems politically feasible to pass the sorts of reforms.

Of course, there will undoubtedly be objections to such changes. Perhaps the most common argument against reform will involve arguments about public safety; that is, with the heightened standard of probable cause being applied to the collection of telephone and other digital metadata, law enforcement agencies will face greater hindrances in their efforts to investigate criminal activity, which could lead to a suspect successfully evading capture and punishment. That would put the public at risk.

Such arguments are flawed. While probable cause does indeed require a higher threshold of evidence in order to conduct a search, it has hardly stopped the police from performing their jobs. As the dissent in Davis noted “The probable cause standard is not onerous.” Probable cause itself sets manageable requirements, in terms of what the prosecution must demonstrate in order to obtain a search warrant. For this reason, historically, there is little proof that this requirement has actually hindered criminal investigations. Also, as the dissent in Davis observed, data obtained from cell phone or Internet usage is rather unlikely to be lost, which alleviates concerns that valuable information will become unavailable, while working to obtain a warrant.

The application of a probable cause standard will, however, have a notable positive impact. It creates not just a basic standard of proof, but rather, a barrier against unjustified encroachments into an individual’s privacy. Law enforcement agencies will also learn that the rules of the game have changed, and our digital data, which can reveal as much personal information as any search of a house or vehicle, cannot be accessed at will.

Additionally, application of probable cause requirements to searches of data and digital content, will lead to a body of case law, which will better define our privacy rights in this realm. Courts across the nation will be required to consider various factual situations, involving attempts by authorities to obtain access to a variety of information. Over time, just as with physical searches of vehicles or homes, judges will consider questions of law and policy, in order to best balance concerns of security, privacy, and constitutional rights. Citizens will thus enjoy a better idea of what sorts of rights they currently enjoy, while Congress can act to strengthen privacy protections as needed.

In today’s era, our digital footprints can be used to weave an intimate story about our lives. It can lay bare a variety of information about our social interactions, interests, personal habits, and patterns of movement. For this reason, is eminently reasonable for Americans to believe that such information deserves an increased degree of privacy. Applying standards of probable cause to accessing will go a long way towards providing such protections, while still allowing authorities to enforce the law and help maintain public safety and order.

Like what you read? Give Shiva Bhaskar a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.