At stake at US Supreme Court: privacy in the digital age
putting it in perspective
A robbery prosecution raises the question of whether, in the era of smartphones and the internet, constitutional protections against warrantless searches need updating.
In more ways than one, Timothy Carpenter has been demonstrating the importance of smartphones in modern-day life.
Seven years ago, he began organizing and committing a series of armed robberies of cellphone stores in Michigan and Ohio. On Wednesday, he will be arguing to the United States Supreme Court that the privacy of historical location data collected by cell towers should be protected by the Constitution. If the justices agree, it will be the first time the Constitution’s privacy protections have been updated since the internet was invented. As digital technology becomes increasingly necessary for day-to-day activities, the outcome of this case could help determine how private those activities are.
“For every advance in technology, the [high] court has had an opportunity to weigh in on the effect of the new technology on privacy,” says Alex Abdo, a senior staff attorney at the Knight First Amendment Institute at Columbia University. “This case may very well decide whether we can expect privacy in the digital age.”
Before he was a pioneer of privacy rights, Carpenter was supplying the firearms and serving as a lookout for robberies. During that spree seven years ago, his fellow robbers would enter a store brandishing their guns, herd customers and employees to the back, and order them to fill bags with new smartphones.
While investigating the robberies, authorities ordered MetroPCS and Sprint to turn over records of every call made to and from Carpenter’s phone over a 127-day period from cell sites the two companies operated in the areas where robberies were alleged to have occurred. The records – obtained in accordance with a federal law but without a judge-approved warrant – helped authorities place Carpenter at the scenes of the robberies and, ultimately, convict him.
Carpenter, however, has argued that if the government wants to know something as sensitive as his specific location at a certain time, it should have to abide by the Fourth Amendment and show a judge probable cause that he was involved in criminal activity first.
Lower courts have disagreed with Carpenter, but the high court, after nibbling at the edges of the issue in recent years, will now confront it head-on.
Pre-internet privacy laws
The Fourth Amendment is one of the Constitution’s blunter legal instruments, and thus the justices have agreed to periodically update it throughout history to reflect technological advances. The amendment originally required a warrant only for searches of “houses, papers and effects,” but it was expanded in the 19th century to include contents of letters carried by the postal system. In the 1970s, it was expanded to include telephone conversations, and it has not been updated since.
Significantly, throughout all these changes the content of communications has been protected by the Constitution, but information about communications (or “non-content”) have not. The Supreme Court maintained that precedent in its last major Fourth Amendment decision, the 1979 case Smith v. Maryland that created what is known as the “third-party doctrine.” The court ruled then that a person "has no legitimate expectation of privacy in information he voluntarily turns over to third parties" – in this case a pen register, created by the telephone company at the request of police, of all numbers dialed by an alleged robber.
That kind of “non-content” information now includes the metadata – the data about data – transmitted constantly by digital technologies such as smartphones. And vast amounts of that data are collected by third parties.
When investigating Carpenter, authorities used the Stored Communications Act (SCA) to seize and search metadata captured by cell towers. The federal statute, enacted in 1986, effectively enshrined the third-party doctrine into law. Under the statute, all law enforcement needs to prove in order to search information held by third parties like cell service providers is that the records are “relevant and material” to an ongoing investigation.
These precedents are now outdated tools to protect privacy in the digital age, critics argue.
The third-party doctrine was created before the internet, for example, and at a time when third parties held much less information, both in quantity and detail, than they do now. When President Reagan signed the SCA into law, only about 500,000 people subscribed to a cellphone service, according to CTIA, a trade association for wireless communications companies. Now more than three-quarters of American adults own smartphones, which can each transmit more data in minutes than could fit on an entire hard drive in 1986.
“More and more we store our private information on the servers and computers of third parties,” says Mr. Abdo, who co-authored an amicus brief supporting Carpenter. “Do we sacrifice our right to privacy by using modern technology?”
Expanding on that argument is a coalition of some of the largest tech companies in the world. Apple, Google, Microsoft, and Verizon, among other private industry heavyweights, write in an amicus brief – in support of neither party – that “courts should take a more flexible approach that realistically reflects the privacy people expect in today’s digital environment.”
The third-party doctrine, the brief adds, “should not apply in a world where devices and applications constantly transmit data to third parties by dint of their mere operation.”
Their fear, and the fear of some other observers, is that while law enforcement may now be using the third-party doctrine to easily obtain the location and movements of people – information that is also only getting more precise as smartphone technology improves and cell towers proliferate – the doctrine could be used in the future to easily obtain more personal information in even larger quantities.
The ever-growing “Internet of Things” offers a glimpse of that future, the tech companies write. While smartphones constantly transmit specific details about a user’s location to third parties, there are other devices transmitting other kinds of metadata. Smartwatches can transmit a user’s fitness data; smart-home devices can send metadata on room temperature and grocery orders through third parties.
“We don’t know how [third-party metadata] is going to be used in future,” says Michael Overing, an expert in internet law and an adjunct professor at the University of Southern California’s Annenberg School of Communication & Journalism.
“Because we don’t know,” he adds, “I want us to err on side of caution.”
But some experts worry about another kind of slippery slope: that the justices decide to expand the Fourth Amendment in a way that delivers more questions than answers.
To rule that cell tower records are protected by the Fourth Amendment would be to depart from the content/non-content rule, a bright line that has been crucial as privacy law has evolved over the centuries, says Orin Kerr, a professor at George Washington University School of Law.
“The question is what should [the Fourth Amendment] protect and what should it not protect,” he adds. And the content/non-content rule “is an essential rule for maintaining balance as we shift from a physical world to a network world.”
Giving historical cell tower records Fourth Amendment protection “would drag state and federal courts into impossible line-drawing exercises that would cause endless confusion,” Professor Kerr writes in an amicus brief in support of the government.
If the Constitution protects historical cell-site records, he writes, does it also protect bank records? Automatic license plate readers? And is it limited to location information? How important is the length of time the surveillance covered? At what point in time does a search stop being constitutional? And does that point in time depend on the search method being used?
“That [would] create a quagmire for the lower courts,” says Christopher Slobogin, director of the Criminal Justice Program at Vanderbilt Law School. “It would be so hard to figure out when unconstitutional [searches] have occurred.”
'They need to be more aware'
The Supreme Court has avoided major Fourth Amendment questions in recent years, so predicting its decision here is even harder than usual, experts say.
Only one justice, Sonia Sotomayor, has expressed an opinion on the third-party doctrine. In a separate opinion to a unanimous 2012 decision regarding warrantless GPS tracking, she wrote that the doctrine “is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”
But while they may not know the views of the other eight justices, many experts predict the court will ultimately, as it often does with loaded constitutional questions, issue a narrow opinion and then refine that opinion over time through legal challenges stemming from the questions it leaves unanswered.
While they differ on how the Fourth Amendment should be updated, most experts agree that the SCA should be updated. They also hope that the public becomes more informed about how much information they’re giving to third parties every time they use their phones.
“They need to be more aware of what’s being broadcasted, what the privacy settings are on their phones,” says Mark Kuhr, the chief technology officer at Synack, a cybersecurity company based in Redwood City, Calif.
“It would be great to see consumers … demanding better privacy protections from their lawmakers, but also from the people they’re buying products from,” he adds. “Privacy is a little bit of a myth.”